Improve gpg_passphrase prompt, is this client-side, server-side, is the bucket provider getting access to the private keys? #1424

@agowa

s3cmd/s3cmd

Line 2766 in 8cb9b23

("gpg_passphrase", "Encryption password", "Encryption password is used to protect your files from reading\nby unauthorized persons while in transfer to S3"),

Hi, I think the above message is heavily confusing. It claims to only protect "while in transit", which would indicate that the bucket provider will be able to see the plaintext of the transferred files. This, however, does not appear to be in line with the implementation as stated in 3rd-party documentation about this feature.

As I'm quite literally heavily confused by this message, I'd like to request that it be improved to make it clear who is able to see the plaintext of the files.

Aka.

  1. Does the bucket provider get sent the private key by s3cmd in addition to the encrypted data?
  2. Does s3cmd send the plaintext data + encryption key to the bucket provider for "server-side" encryption using it?
  3. Does s3cmd only send the encrypted data to the bucket provider?
  4. Does s3cmd do something else?
