Detect when the used encryption key is not the right one

One way to do that would be to allow the user to "label" keys, store the key label in some unencrypted metadata, and error if the user tries to download a file and decrypt it with the wrong key.
