The solution: don't encrypt the whole DB_File. The Berkley DB library wants to deal with the database file on disk. The best solution is not encrypt the whole file, but the individual keys and values that you want to protect.
One trick you could use is to decrypt to a temporary file, tie with DB_File, and unlink the file. Unix systems will keep the file around until the filehandle is closed. DB_File supports anonymous maps that work this way. The problem is relying on Berkeley DB not opening new filehandles or closing its existing filehandles. Also, it makes getting the modified file difficult.
Another trick is put the unencrypted database file on a RAM disk that is only readable by the user running the script.