Ask HN: Is sending passwords a good use of JS crypto?

I&#x27;ve read previous discussions on the faults of browser crypto but haven&#x27;t come away satisfied. Can anyone suggest problems with the following?<p>A security conscious web developer needs to share credentials with a client. The client isn&#x27;t adept enough to install a crypto tool. They also need something asynchronous like email - a phone call every time is too intrusive. Existing options include: 1. Email. 2. A third party service with SSL w&#x2F; PFS + server side encryption as an intermediary. A malicious service can keep a copy without detection.<p>With in-browser crypto: - Dev asks client to go to http:&#x2F;&#x2F;sendpasswords.com&#x2F;. - Client hits the link. Browser generates a PGP keypair, stores the private key in localStorage and sends the public key to the server. The client is shown a link to send back to the developer. - Developer visits link and enters a message which is encrypted with the client&#x27;s public key in browser. - Client returns to site. Encrypted message is downloaded and decrypted with key from localStorage.<p>This should be at least as good as either existing option. A few additional security assumptions: - Users know to only access the site via an HTTPS URL or HSTS settings are preloaded in their browsers. - The HTML + JS is simple, unobsfuscated, static and served in one request; subsequent data from AJAX calls is never executed or loaded as HTML. - Only browsers providing a CSRNG are supported. - The HTML + JS is open source and audited by a third party.<p>The host would have a hard time capturing cleartext without detection. They could target specific users, but third parties could periodically load the app and verify the checksums to detect any code change that wasn&#x27;t narrowly targeted.<p>So long as the audited code couldn&#x27;t encrypt the message for more than one public key, any interception would be detected when the recipient didn&#x27;t get the message.<p>Thoughts?