TODO

There's lots of things to add.

TLS
- Autorenew this with an ACME server (eg, Boulder; use the Lego library)
- self-host the Boulder server & add the main CA pubkey to the client
- Work with self-signed stuff for now tho
Authentication
- Give each client an API key
- Limit decryption keys that client can access?
Admin UI on the server
- Manage client accounts
- Import public keys
- Add/Remove keys
Private Key autorotation
PGP Public Key Server
- a la keys.openpgp.org
- two servers? one public (company pub keys), one internal (customer pub keys)
Encryption groups
- Add a number of public keys to a group. When the client encrypts to a group, use all the keys.
- Auto-remove expired keys from groups