E2EE private public keys

I installed the E2EE app on the Nextcloud and found out that it stored a private and a public key in nextclouddata/appdata/end_to_end_encryption .

Since I am on a shared server, I would like to know if this is secure, assuming that the server admin (or if the datacenter gets hacked) can have access on an E2E folder.

I thought by setting a passphrase in the NC client, it will be stored locally on the PC, therefor it’s not possible to open the encrypted folder in the WebGUI.

So what is actually the story behind these two keys in appdata?

I moved those two keys, nothing happens. So what’s the purpose of the keys?

Actually i do not use the app End-to-End Encryption. But I am still interested in it.

“found out that it stored a private and a public key in nextclouddata/appdata/end_to_end_encryption”

private key on the Nextcloud server? Is it not a security risk? That doesn’t make any sense, does it? Or is they key encrypted? Can the server decrypt the key? E.g. with user password? Can someone explain it? I would be really interested. or is it just an one-time mistake?

As far as I’ve read in some documentation the keys are stored in order you may easily connect another client to the cloud without manual placing keys on it. I assume the key is read with the help of mnemonics.

My understanding is that the private key is stored on the server in an encrypted form. When the client needs it, it downloads the encrypted private key and decrypts it thanks to the 12-word passphrase stored locally in the client.