Check out this paper from 1995, pay attention to the broader concept, not the 23 year old implementation suggestions. https://www.w3.org/Conferences/WWW4/Papers2/245.html Here's a reddit post I've made about this concept: https://www.reddit.com/r/compsci/comments/a019qi/ccibased_web_security_a_design_using_pgp_1995_23/ and here's the video that reignited this idea that I've had in my head for years: https://www.youtube.com/watch?v=DM1tPmxGY7Y First, let me start out with an example about how a browser handles content. An input slider has a child element that is inaccessible from the DOM (the part that you drag). The content inside it is simply inaccessible from served javascript. If there were a new element created to relay encrypted data, the browser could decrypt them in a secure fashion. This could be used for anything from cryptocurrency in the web to messaging, really any communication of data. What it would do is remove trust from the service providing the encrypted data to decrypt it safely, and rather than having the poor ux experience of using the GPG command line, keychains could be stored with the browser. If this were a standard, it would make services like protonmail look like they're run by the NSA For inexperienced users who would resort to web-based javascript pgp decryption, it would improve security ethic by promoting an easier, safer way My initial thought was something like a closed shadow dom created by a browser extension, and though it may be possible to make decrypted text unreadable by XSS/attacker js in this way, it's not necessarily recommended, as for example the function that creates the closed shadow dom element could potentially be overridden by an attacker. This is why I think it should be built into the browser. Something like Mozilla, TOR, or the w3c would be a good starting point for a project like this. https://blog.revillweb.com/open-vs-closed-shadow-dom-9f3d7427d1af https://developers.google.com/web/fundamentals/web-components/shadowdom#closed