I'm looking to protect against the situation where someone gets on the server. I don't want them to be able to view the files directly on the machine or be able to copy them to another machine and then view them.

If you are going to decrypt them during download, and the bad guys have access to the server, they would only need to inspect your download script to see how to decrypt the files.

If they can copy the encrypted file, they can also copy the decryption script and perform the decryption on their own machine at their leisure.

The only way to protect the files on a compromised server would be for the users to download them encrypted and decrypt them locally using local software and keys known only to themselves. For example, if you encrypted the files for each user using their public key, and they decrypt them locally using their private key.

The downside of that is that you would have to encrypt files that may be downloaded by multiple users, multiple times, and keep multiple, unique copies of them.