This webapp is for public-key encryption. The example usage is that Alice inputs a password and gets her public ID (her public key). Then Bob can encrypt a Message for Alice's ID, and the Encrypted Message can only be decrypted by Alice via entering her Password. Even if Alice and Bob communicate over an open channel, with Alice sending Bob her ID and Bob sending Alice the Encrypted Message, no one can make out Alice's Password or Bob's Message.
Now, for the technical security details of the webapp. This webapp implements public-key encryption via Elliptic Curve Cryptography with 256-bits of security, using the ECIES algorithm, as described in this Crypto Stackexchange answer. Curve25519 is used as the Elliptic Curve. The private key a of the receiver Alice is the PBKDF2 digest of her password, using 10000 iterations and a 256-bit salt. The private key b of Bob is a securely randomly chosen 256-bit number, which is done using the CPRNG window.crypto.getRandomValues. The encryption used for the message is AES using the GCM mode. The hashing used for Bob's Message is SHA256 with a 256-bit salt.
Finally, there are only two main vulnerabilities for this webapp. The first is that the user might use a password that's too simple, such as "password". To circumvent this, a secure random 128-bit password is provided by default. At the very least, a password with 50-60 bits of entropy is recommended. The second main vulnerability is a Man-in-the-Middle attack. While this webapp uses Authenticated Encryption to protect against the tampering of messages (i.e. changing around the letters of the ID or Encrypted Message will result in decryption throwing a "Password does not match!" error), it does not protect against a middleman outright switching your communications for something else. For example, if Alice sends Bob her ID through the middleman Mallory, then Mallory could give Bob her ID instead, which would mean that Bob encrypts his message for Mallory thinking he's encrypting it for Alice. Basically, this webapp only guarantees safety against eavesdroppers. In order to have protection from a man-in-the-middle attack, Alice should give Bob her ID through a secure channel beforehand.
This webapp was made by Ajay Shanker Tripathi, and is released under the BSD 3-Clause license.