I think that when the enemy has root access you are severely violated. One step back would be fisical access of a enemy to hardware, but I think that there are no step forward. The root access is the deepest violation possible in a energized system.

Your thoughts are possible to be deployed, but are useless because the information to be protected could be intercepted before it be encrypted.

Maybe the backups would be protected that way, but almost useless too because, with the backup copies, an attacker may have enough information to prepare a more sofisticated attack.

The assimetrical keys are useful to try avoid changes in the message thru the network. I heard about the possibility of a man in the middle be able to decrypt a message, so there are high risks in a encrypted transmition if the internal network are compromised.

IHO, security is about the weakest link in a chain, there are no shortcuts at all. You must, first at all, to protect your permission system and the backups, these are the natural weakest links.