If you need to store non-sensitive per-file information, consider
xattrs.
Storing the key used to encrypt a file anywhere on the disk as-is is insecure.
You could store the public part of a public-private key pair into an xattr, however.
In userspace, you could write wrappers around the file I/O syscalls, to check for the encryption xattr, and if encrypted, ask a keyring manager for the corresponding key; if successful, your library would decrypt the file transparently. Encryption is of course possible too, but specifying which key to use is a bit of a problem unless the user only uses one key for encryption at a time. Without the library, and/or the key, programs can only access the encrypted contents. (Many tools will drop the xattr, though, so you do need to check that backups et cetera retain the public key in the xattr. Otherwise you cannot decrypt the file transparently, and even by hand is tedious since you need to try each of the keys you have to find the one that works.)
You can of course replace the library later on with a kernel module, which overrides the read and write vfs ops, if the file is/should be encrypted at open time, and then underlying fs supports xattrs.
Hope this helps.