Comment by pastage

Using standard CalDAV it should be possible to encrypt parts of it. And just have a local proxy that decodes/encodes. e.g. Having fields like this:

  DESCRIPTION: not secret
  DTSTART:with week
  X-mydata: 
  ENCODING=Ascii85;FMTTYPE=application/octet-stream
  <~6q($A;Fs\a8P`)B+EM+(Eb0>"6r[)a5uLZCGA2/4+D>\9EcVQ~>

and then just decode that and replace the X-mydata with the decoded data:

  DESCRIPTION: secret
  DTSTART: with hours

perhaps support for removing existing fields that is in the encrypted blob as well, if you do not need state in the encryption it should be good. I do not know how to create a good encryption protocol so I am sure there are lots of stupid ways to mess this up. I only need to encrypt the content of my description and time I never need to hide that I created a meeting when I had a meeting with a Spy from the NSA.