But, how does the second user to upload the same file know the file's encryption key (since presumably the server only knows ENCRYPT(FILE_KEY with USER1_KEY))?
It seems like either the server must know the file's encryption key, or the key must be derivable from the contents... which is no good.
It seems like either the server must know the file's encryption key, or the key must be derivable from the contents... which is no good.