If you and a friend have a shared secret passphrase—either because you agreed on it offline or because one
of you communicated it to the other with the other's public key—you can communicate directly
with each other with password-based encryption using AES. This page uses the
crypto-js implementation of AES and produces a base64-encoded
PKCS#7-padded AES-256
CBC-mode cipher
that can be pasted into an email or into a chat, or even safely posted to a public forum. It can be decrypted only
by someone who knows the passphrase. They can decrypt it using this page, or openSSL
(openssl enc -d -aes-256-cbc -a -in infile -out outfile -pass pass:"secret passphrase" ~with some older
versions of openssl—e.g. the ubiquitous 0.9.8—infile might need a trailing linefeed for the -a option to work), or javax.crypto.Cipher,
or any other decrypter that can handle the format. If you get an empty string on decryption, chances are you entered a bad passphrase, unless your
friend—rather pointlessly—sent you an empty message.
All processing happens in javascript on the client; nothing is stored or sent anywhere. Check the javascript source. Check your local storage, session storage, and cookies. But if you're feeling really paranoid about possible phoning home because of all that minified crypto-js code, disconnect from your network before entering your passphrase or encrypting. Even better: throw wireshark across that connection and watch the (relative) silence. Then quit the page and let the RAM-resident ephemera vanish into your heatsink.