Won’t help against a malicious hoster, you could as well use disk encryption. Or better the client-side encryption which is still tested and not available on all clients.
It is important that the database and the encrypted data are made at the same time because data base information is used to sign the files. Without this information, you can’t decrypt the files.
No you need a full backup. In theory, you should be able to decrypt without the signing but you have to modify the code which is not obvious. Unfortunately, there is no tool to decrypt files with the corresponding keyfile and the password.
If you plan anything with encryption, you should test a restore procedure. We had a couple of cases, where the restoring was difficult or just not possible with current tools. Therefore, I don’t encourage people to use it for local storage (because it was designed for external storage) as it adds a lot of difficulties without adding good encryption.