The keys are generated client-side, and encryption is done client-side, the encrypted data is then sent to the app. On sharing, the key is encrypted for the recipient and sent to them through the Tanker server.
Neither Tanker nor the app can see the clear data or keys.
We've spent the summer building an end-to-end encrypted file storage solution for the cloud. It is called FileKit and you can find a tutorial here:
https://docs.tanker.io/filekit/latest/tutorials/file-transfe...
Your feedback is welcome <3, we would love to hear how you would use it.
The Tanker team