[tattler]

This is close to something I keep meaning to make.

It would be awesome if I could download the file without the password to verify that it's stored encrypted though.

[STRML]

That could be faked. The best way to ensure I'm not cheating is to watch the network requests and to look at the code (https://github.com/STRML/securesha.re-client/tree/master/jqu...).

You'll see the POST to the server going up encrypted, and the subsequent GET when you download the file coming down encrypted as a binary XHR.