CaffeineAddiction

You are describing a man-in-the-middle attack.

Intended use case: Alice <--> [Object Store] <--> Bob

MitM issue: Alice <--> [Eve] <--> [Object Store] <--> Bob

In the MitM, Eve intercepts both public keys and forwards on their own public key, and can then decrypt/encrypt all of the traffic between Alice and Bob.

The solution to this is to add a trusted third party. For instance, if your Object Store has an HTTPS cert, both Alice and Bob can check against the certificate authority that they are indeed talking to the Object Store rather than to Eve.

If you need, you can even go one step further and enforce client-side certificates, so not only do Alice and Bob know that they are talking to the Object Store, but the Object Store also knows that it's talking to Alice and Bob.
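
The two measures from the answer above, sketched with Python's standard `ssl` module as an added example that is not part of the original answer. The function names and the certificate file parameters are hypothetical; `mitm_gaps` is a small audit helper written for this illustration.

```python
import ssl

def store_client_context(ca_file=None, cert_file=None, key_file=None):
    """Context Alice or Bob uses to reach the object store (paths are assumptions)."""
    # Verifies the store's certificate chain against a CA and checks the hostname.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        # Client certificate, presented when the store enforces mutual TLS.
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def store_server_context(cert_file=None, key_file=None, client_ca_file=None,
                         require_client_cert=True):
    """Context for the object store itself."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # CERT_REQUIRED on the server side aborts the handshake unless the client
    # presents a certificate that chains to client_ca_file.
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)
    return ctx

def unverified_client_context():
    """The weak setting: any certificate is accepted, including Eve's."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def mitm_gaps(ctx, role):
    """Return the reasons this context cannot authenticate its peer."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("peer certificate is not required")
    if role == "client" and not ctx.check_hostname:
        gaps.append("hostname is not checked against the certificate")
    return gaps

if __name__ == "__main__":
    print("verified client:  ", mitm_gaps(store_client_context(), "client"))
    print("unverified client:", mitm_gaps(unverified_client_context(), "client"))
    print("store with mTLS:  ", mitm_gaps(store_server_context(), "server"))
    print("store, no mTLS:   ", mitm_gaps(
        store_server_context(require_client_cert=False), "server"))
```
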
