
Hint: You are not the first person to notice that crypto can be done client-side in Javascript. There are very good and not-obvious reasons why this is not done.



Could you please elaborate, so that more people do not fall into this intellectual trap?


http://www.matasano.com/articles/javascript-cryptography/

Basically, the server you're talking to, as well as any resources on that page, can undermine your javascript primitives and render your crypto useless (or just backdoor it).

If you trust the server to not backdoor your crypto... you can just trust the server to _do_ the crypto in the first place.

There is an effort underway to build better crypto APIs into browsers, but I'll bet you a bitcoin that it's super easy to fuck up the implementation of and most end up being insecure, and/or nobody ends up using it after all.
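What "any resources on that page can undermine your javascript primitives" looks like in practice, as an added example that is not part of the comment above or the linked article. The page scope, `generateKeyHex` and `thirdPartyScript` are hypothetical stand-ins, and the random source is a non-cryptographic placeholder so the sketch runs offline.

```javascript
// Constructed stand-in for the browser's `window`: every script the page
// loads shares this one mutable object.
function makePageScope() {
  return {
    crypto: {
      // Placeholder for the browser's CSPRNG (assumption, NOT secure).
      getRandomValues(buf) {
        for (let i = 0; i < buf.length; i++) {
          buf[i] = Math.floor(Math.random() * 256);
        }
        return buf;
      },
    },
  };
}

// Hypothetical application code: client-side key generation that resolves
// the primitive through the shared global at call time.
function generateKeyHex(scope) {
  const key = scope.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(key, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Hypothetical co-resident resource (analytics, ad, CDN-hosted library).
// It runs with the same privileges as the application code and can replace
// the primitive with one whose output it already knows.
function thirdPartyScript(scope) {
  scope.crypto.getRandomValues = (buf) => buf.fill(0x41);
}

function demo() {
  const scope = makePageScope();
  const before = generateKeyHex(scope); // unpredictable to other scripts
  thirdPartyScript(scope);
  const after1 = generateKeyHex(scope); // fixed, known to the other script
  const after2 = generateKeyHex(scope);
  // Same length and format as before: the application code sees no error.
  return { before, after1, after2 };
}

console.log(demo());
```

Capturing a reference to the primitive before other scripts run only helps if the application's code loads first, and load order is decided by the same server the comment above says you would have to trust.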


I read that article as explaining why a web application can't do crypto with javascript. As someone that knows almost nothing about browser extensions, can you elaborate on why one isn't a good idea for chrome?


The sections "How are browsers hostile to cryptography?", "What systems programming functionality does Javascript lack?", "What else is the Javascript runtime lacking for crypto implementors" cover issues you would encounter with browser extension crypto.


I didn't realize extensions were largely javascript. Thanks for the pointers.


Ah yeah. I believe the usual terminology is such that "extensions" are javascript and "addons" are something native. You could probably do crypto well with an addon... to the extent that it is possible to do an addon at all properly (honestly I have no idea there).


I think you could at least have it implemented in NaCl in Chrome, if the Javascript versions fail.


Presuming you're securing against gmail monitoring, Google in this case would be the eavesdropper/attacker.

Google controls the key/cert that allows for Chrome extension updating...



