Hi Olaf,
Thank you very much for your detailed feedback. Yes, we haven't published many technical details yet, but we will do so in the upcoming days and weeks.
Your assumption about the upcoming key management is generally correct. It is very important that your private key is encrypted with your password on your device before tansmitted to our key server. So without knowing your password we do not have any chance to access your private key which is required to decrypt your files.
As we don't have access to your private key on our server, we cannot give anybody access to it. Your security concern would require that our client software would encrypt your private key twice - once with your password and with some secret other key - and submit both versions to our server. I can promise you that this is not and will never be the case.
Of course, we understand if there are users who do not want their keys being sent to us (or anybody else) - even encrypted - that was one of the reason why we developed Boxcryptor and that's also why a Boxcryptor account will not be mandatory.
If you don't trust us enough, you have the option to use Boxcryptor 2.0 with an offline account. In this case, all data which would normally be sent to our key server will be stored in a local key file. When using Boxcryptor 2.0 with an offline account Boxcryptor will not establish any internet connection at all! (except for the update check if enabled). Of course, the sharing of files and folders and other new features cannot be used with an offline account because they require access to the public keys of other users.
You can try the offline account already in the Technical Preview we released today. On the Login screen, simply click the link "Use Boxcryptor with an offline account." at the bottom, choose a location for the key file and monitor the network activiy of Boxcryptor to verify that no connection is established.
Best regards,
Robert
PS: Please also see "Why do I have to create an offline account when I want to use Boxcryptor offline?" in our FAQ: https://boxcryptor.desk.com/customer/portal/articles/1085073-boxcryptor-2-0-technical-preview-faq
PPS: Yes, we received a grant from the German Government (Bundesministerium für Wirtschaft und Technologie) from the "EXIST-Gründerstipendium" program in the first year of operations (until April 2011) to start the company. We are not affiliated with "them" anymore in any way.