I forgot to mention. There is one very big flaw in this process. Nothing prevents someone from stealing your server and investigating the contents and then using Mandos (modified for their needs) to download the decryption password.
Now the above assumes time, and this is where Mandos has some additional security. Mandos will regularly query your client. If the client disappears for a specified period it will disable the key. So setting a timout long enough to allow reboots, but not extended poweroffs add some additional security. And if the client key is disabled, it is very simple to reenable it on the server with the mandos-monitor utility.