I don't see the benefits of asymmetric encryption in your case. But if you prefer public/private key encryption, gnupg comes to my mind. Create a key-pair. The public key is needed on the client for encryption, the private key is needed on the client for decryption. IMHO there is no need to keep any of the keys on the client when it is not needed. Make them available from the server via sftp or scp when they are needed, wipe any instance on the client afterwards.
Create a file container, put a fs on it, mount it via loop, and try to put anything needed to run AIDE into this container. Encrypt the container file afterwards - and do a checksum of it. (Container handling would be easier if you use cryptsetup instead of asymmetric encryption.)
You might want to use NILFS to format your container, instead of ext3 etc.:
http://en.wikipedia.org/wiki/NILFS
I wouldn't use cron on the client for these things. I would use cron on the server, ssh into the clients, upload my script, run it, wipe out all my traces and vanish. I would try not to leave any evidence of the mere existence of AIDE on the client, except a strange big file filled with cryptographic random. You're root. Nobody can break into your system better than you;)