The following would need to be implemented.

• domain.tld/s/<GUID> end-point
• encrypt/decrypt streams with read/save functions

The general idea is to allow users to, in a sense, securely upload with a passphrase and cipher provided. Furthermore, the same information must be provided to retrieve the file from the server. If an invalid passphrase and cipher is provided, the download should be rendered useless. This would all be done with crypto-stream.js.

Note: The cipher and keyphrase will not be stored with the file. The only time it will be known by the server is during the upload process since the encryption is done server-side.