There should be a way to make brchd encrypt everything with a public key before uploading it. This is useful if the server that is receiving the upload is not trusted and the data is eventually downloaded by a trusted system.

We explicitly do not care about the authenticity of the sender, so it's sufficient to do something along the lines of:

use sodiumoxide::crypto::secretstream::{gen_key, Stream, Tag};
use sodiumoxide::crypto::box_;

let filekey = gen_key();
let (mut enc_stream, header) = Stream::init_push(&filekey).unwrap();

// this key doesn't matter
let (ourpk, oursk) = box_::gen_keypair();
// normally theirpk is passed as an argument
let (theirpk, theirsk) = box_::gen_keypair();

let nonce = box_::gen_nonce();
let ciphertext = box_::seal(filekey + header, &nonce, &theirpk, &oursk);

// write(nonce)
// write(len(ciphertext))
// write(ciphertext)

let ciphertext = enc_stream.push(msg1.as_bytes(), None, Tag::Message).unwrap();
// write(ciphertext)

The first crypto_box that we open contains metadata, we may want to switch to an extendable format like json so we can use this to encrypt the filename as well in the future. Preferably we would use something that can handle binary better than json does.

For decryption we would read the nonce, then the length of the crypto_box and then the rest of the file in CHUNK_SIZE + crypto_secretstream_xchacha20poly1305_ABYTES chunks until we reach the end.

The cli interface to decrypt individual files is trivial, we need to come up with something for folders though since they may mix both encrypted and unencrypted uploads. We could consider adding a magic header that we test for, in addition to a file extension.

There should be an option to prioritize smaller files.

It should be possible to restrict the spider to only process the child elements of an element that is selected with a css selector.

We can't encrypt in all cases beforehand as described in #3, so the http daemon should also be able to encrypt every upload received with a preconfigured public key.