Google's NaCL (i.e. NativeClient, not Libsodium-- awful overlap in terminology there) + Crypto_box + PPAPI seems to be really easy to implement as well as really secure, but Mozilla wants nothing to do with NaCL (again, the Google Native Client for Chrome/Chromium - not the DJB lib).
Edit: and that's what I get for skipping over half the posts in this thread. You specifically mentioned crypto_box/libsodium. No surprise there, you seem pretty well-informed from the 50% of the posts I did read in this thread ;). Zimmerman got it right amazingly right with PGP 20 years ago. The men and women at keybase.io are doing a great job trying to bridge the gap in the interim. Your route is the route I'm taking right now as I'm building out but with USB key and/or cell phone authenticators. Speaking of which, Thomas, in a few weeks if you have some spare time I'd love for you to look at what hopefully isn't a travesty of a product. (I minimized as much as I could re-using existing components with the intention of limiting the potential of bugs I could introduce, but Johnny's gonna have crypto soon if I have my way.)
Edit: and that's what I get for skipping over half the posts in this thread. You specifically mentioned crypto_box/libsodium. No surprise there, you seem pretty well-informed from the 50% of the posts I did read in this thread ;). Zimmerman got it right amazingly right with PGP 20 years ago. The men and women at keybase.io are doing a great job trying to bridge the gap in the interim. Your route is the route I'm taking right now as I'm building out but with USB key and/or cell phone authenticators. Speaking of which, Thomas, in a few weeks if you have some spare time I'd love for you to look at what hopefully isn't a travesty of a product. (I minimized as much as I could re-using existing components with the intention of limiting the potential of bugs I could introduce, but Johnny's gonna have crypto soon if I have my way.)