Understanding Key Authentication in End-to-End Encryption for Cloud File Sharing
In the solution that you describe, the service acts as a CA of sorts, validating for Alice that the public key purported to belong to Bob is in fact Bob’s.
For further verification, some end-to-end encrypted file sharing services (e.g. encryptedsend.com) provide a means for Alice to verify Bob’s public key, through some out-of-band method, such as phone, SMS, etc.