Thanks, I realize this may sound like straining at a gnat and swallowing a camel to some, but it’s been a concern for some users; see the thread I linked and this one as well. Especially for tournaments, I think everyone would be more comfortable if the integrity of die-rolling could be guaranteed.
Also, I’m hoping that some developer will see this as an interesting challenge worth implementing just for the sake of it. Sadly, I don’t have the skills.
With respect to authenticating the key, while (again) I’m sure there are already well-proven methods available, another idea would be to generate a random key of sufficient length, and then use the key itself as the “padding” for the encrypted seed. I assume/suspect that it would be very hard to create a encrypted message that decrypts into (payloadA + keyA) if decrypted with keyA, and (payloadB + keyB) if decrypted with keyB. Of course, this will only work if using the key as the “padding” doesn’t make the key easy to guess, but again, I suspect it wouldn’t.
However, enough speculation from me on that point. Hopefully someone who really understands cryptography could suggest an appropriate method.