If you can decrypt something in the app then there's no way to make this watertight, it's a fundamental problem of encryption.
The way that some applicaitons do this when it's absolutely imperative that the server cannot decrypt anything is that they encrypt something client-side and store only the encrypted version on the server, but that of course means that the server can never know about the key and the clients themselves are responsible for keeping the encryption key AND for decrypting the document when they retrieve it. For example PGP is based on this mechanism. Mails are stored on the server but only the client knows the key to decrypt them. Some cloud file storage providers do this as well, or people build custom solutions around this, like a client side encryption tool for Dropbox.
You can also do a security by obscurity approach, storing the decryption key somewhere in a somewhat hidden way, but that is generally seen as a bad approach. To understand if this is worth it really depends on your actual requirements, why do you actually want this? If it's for example alright that the documents are safe when a hacker has all the files but no access to the database where the key is stored, then this may be enough for you.
Bas,
You are right about the limitations of encryption. The business case I have is as follows:
So in order to show good faith efforts in the event of a breach or government audit, I am exploring ways to encrypt the stored faxes inside of this app.
BTW, I always work under the assumption that preventing intrusion is not do-able. But that is a whole different post.
Hope that is an adequate description of the requirement.
Mike