api:
 mua:
  ebody=encrypt(headers,body)
  body=decrypt(headers,ebody)

  auth=sign(headers,body)
  ok=verify(headers,body)

 key db:
  key=getkey(to,from)
  storekey(to,from,key)


 encdecbackend:
  .smime:
  % is a file
  $ is inline
  | pipes

  vars include:
   key.pri = private key
   key.pub = public key
   key, key[0] = my key
   key[n] = is target n's key
   password = password # how do we handle this?
   in = input
   out = output
   %% = literal % 
   || = literal | 
   $$ = literal $

???? dont read this this is just garbage notes until i understand what keyfiles
and cert files are exactly

sign = /usr/bin/openssl smime -sign -inkey %keyfile -signer %certfile -certfile %othercertfile -in %input | $output