Hacker News

Can you describe (briefly, in plain English) how it is able to securely encrypt on the client side? i.e. how does it hide its secret key from prying eyes?


The keys are generated client-side, and encryption is done client-side; the encrypted data is then sent to the app. On sharing, the key is encrypted for the recipient and sent to them through the Tanker server. Neither Tanker nor the app can see the clear data or keys.


This doesn’t answer the question. How come the app cannot see the keys? What about the key used to encrypt the client side key?


This really does answer the question, spot on. The client side app does see the key(s) but it does not send them to the server. This is how E2E encryption works, browser or otherwise.

I'm not sure specifically how Tanker is storing the client-side keys. Generally the client-side keys would be encrypted using an OS-level keychain.


Hi, other Tanker dev here. In the browser, we use IndexedDB (via dexie). Keys are encrypted using a secret that has to be provided when starting a Tanker session.

On mobile we use an SQLCipher DB encrypted with the same secret.
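
The flow described across the thread (client-side data key, key wrapped for the recipient, local keys encrypted under a session secret), as an added Node.js example that is not part of the thread and not Tanker's code. The algorithms (X25519, HKDF-SHA256, AES-256-GCM, scrypt) and all function names are assumptions chosen for illustration.

```javascript
// Added illustration, not Tanker's code. Algorithm choices below are assumptions.
const crypto = require('node:crypto');

// AES-256-GCM; output layout is iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}

// Key-encryption key derived from an X25519 exchange; never leaves the client.
function kek(myPrivate, theirPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'share-key', 32));
}

// Sender: fresh data key, wrapped for the recipient. The returned object is
// everything a relaying server would see.
function shareWith(recipientPublic, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519');
  const dataKey = crypto.randomBytes(32);
  return {
    ephemeralPublic: eph.publicKey.export({ type: 'spki', format: 'der' }),
    wrappedKey: seal(kek(eph.privateKey, recipientPublic), dataKey),
    ciphertext: seal(dataKey, plaintext),
  };
}

// Recipient: unwrap the data key with the private key, then decrypt.
function receive(recipientPrivate, msg) {
  const ephPub = crypto.createPublicKey({ key: msg.ephemeralPublic, type: 'spki', format: 'der' });
  return unseal(unseal(kek(recipientPrivate, ephPub), msg.wrappedKey), msg.ciphertext);
}

// Local store: the private key is kept encrypted under a user-supplied secret.
function storeLocally(secret, privateKey) {
  const salt = crypto.randomBytes(16);
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  return { salt, blob: seal(crypto.scryptSync(secret, salt, 32), der) };
}
function loadLocally(secret, rec) {
  const der = unseal(crypto.scryptSync(secret, rec.salt, 32), rec.blob);
  return crypto.createPrivateKey({ key: der, type: 'pkcs8', format: 'der' });
}
```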



