I want built-in end-to-end encryption in browsers integrated with FIDO and hardware security keys

I want browsers to provide a first-class, built-in API for end-to-end encryption that integrates natively with FIDO2/WebAuthn protocols and hardware security keys such as YubiKeys or platform authenticators.

Today, building end-to-end encrypted web applications requires developers to ship and maintain JavaScript cryptography libraries, manually manage key derivation, and figure out their own strategies for securely binding encryption keys to user identity. This is complex, error-prone, and places a heavy security burden on every web developer who wants to offer E2E encrypted messaging, file storage, or data exchange.

FIDO2 and WebAuthn already allow browsers to perform strong authentication using hardware keys and biometrics. What is missing is a complementary encryption layer that ties into the same trust anchors. A native browser API could:

• Derive encryption key pairs directly from a FIDO/WebAuthn credential or hardware key, so the same device-bound authenticator used for login is also the root of the user's encryption identity.
• Encrypt and decrypt payloads using browser-managed keys, keeping private key material inside a secure enclave or hardware token and never exposing it to JavaScript.
• Enable key exchange between parties using established protocols (e.g., X3DH, Diffie-Hellman over ECDH) without requiring developers to implement cryptographic primitives by hand.

This would allow web applications to offer end-to-end encrypted communication with the same level of confidence as native messaging apps, while reducing the attack surface dramatically. The server would never see plaintext, and the private keys would be protected by hardware if a security key is present.

The web platform already has the Web Cryptography API and WebAuthn. A higher-level, integrated E2E encryption API built on top of those primitives -- with explicit FIDO binding -- would fill the remaining gap and make secure-by-default web applications genuinely achievable.