Did he provide decryption keys for content that you specifically requested the keys for, not content that he selected? That is usually a pretty good method of proof, there isn't much more you can do.

There probably aren't that many non-private L1 private keys in circulation right now. That environment, combined with all of the recent revocations, also awakens the scammers.