I doublechecked and the code complies with both of these points. I kept the rdbKey node in the ibconfig; here is a snippet:
The only thing I changed in the ibconfig was to substitute the <connection> node with its encrypted value. My implementation of GetKey then decrypts it. Everything else in this file is exactly the way it was generated.
As for the RdbKey name in my implementation of GetKey, I don't change that either; in fact, I don't use either parameter, I defined a string constant with the value "default" and just return that as the key name.
One thing I did notice was that my implementation of GetKey is called twice. Could that perhaps be causing the problem I'm seeing? I designed the encryption/decryption as separate library so that other applications can use it.
To obtain the encrypted connection string, the separate library loads the same AppModel.dll assembly and then extracts the <ideaBlade> resource back from the AppModel.dll, whose connection node is then decrypted. I don't know if this is the ideal way to do this, but it certainly gets me what I need because the AppModel.dll already contains the encrypted connection string that I need and I figured I would just reuse that rather than creating yet another place to hold the connection string.