TODO

There's lots of things to add.

TLS
- Autorenew this with an ACME server (eg, Boulder; use the Lego library)
- self-host the Boulder server & add the main CA pubkey to the client
- Work with self-signed stuff for now tho
Authentication
- Give each client an API key
- Limit decryption keys that client can access?
Admin UI on the server
- Manage client accounts
- Import public keys
- Add/Remove keys
Private Key autorotation
PGP Public Key Server
- a la keys.openpgp.org
- two servers? one public (company pub keys), one internal (customer pub keys)
Encryption groups
- Add a number of public keys to a group. When the client encrypts to a group, use all the keys.
- Auto-remove expired keys from groups

Technical TODO

More specific stuff

Wrap keys in Armor when sending over the wire
- Figure out sending multiple keys in the same request. Wrap in json? Can Armor handle multiple keys? Can I just concatinate multiple Armored keys?
Auto-generate self-signed certs for testing TLS
Password protect private keys?
- Where would this password be stored?
- Keys would ultimately need to be stored on disk somewhere, and they can't be unprotected there.
Reorganize code to split client and server and a common lib
Look at KMIP. Do I want to implement this?