Ahh-ha! That makes sense - if the whole book was encrypted with the customer's key, each download would have to wait on encrypting a big file. As Charleski describes it, only the relatively short (1024 bits? whatever...) payload-key needs to be encrypted for each customer.
I think.... something like that...