A contact form that is hosted on an HTTPS-protected website already does the job. The main difference is that it is usually (but not necessarily) only transmitted encrypted, not stored in encrypted form.
Here's a tip: If you generate an email from the content of the contact form anyway, why not make it an encrypted mail? It's rather easy if you use mailx from the heirloom-mailx package that is part of Debian, Ubuntu and probably a lot of other Linux/BSD/UNIX distributions. Here are the required steps:
In ~/.mailrc:
set smime-ca-dir=/home/user/smime
set smime-ca-file=/home/user/smime/1_Intermediate.crt
set smime-encrypt-user@example.com=/home/user/smime/2_user@example.com.crt
Then every mail sent to user@example.com using "mailx" will be encrypted using S/MIME.
Got no local MTA installed? You can make mailx send the mail directly via SMTP:
$ echo mail body | mailx -s "subject" -S smtp=mail.example.com:25 -S smtp-use-starttls user@example.com
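Added example, not part of the original comment: the S/MIME encryption step described above, done with the openssl CLI instead of mailx so the round trip can be checked without a mail setup. The throwaway certificate, the addresses and the form body are constructed for the demonstration; note that the Subject header stays readable in the encrypted message.

```shell
#!/bin/sh
# Added example: server-side S/MIME encryption of a contact-form body with
# the openssl CLI. All names, addresses and file paths are constructed.

# Create a throwaway self-signed recipient certificate and key in directory $1.
# In production the private key stays on the recipient's machine and the
# web server holds only the certificate.
make_test_recipient() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=user@example.com" \
        -keyout "$1/recipient.key" -out "$1/recipient.crt" 2>/dev/null
}

# Encrypt stdin to certificate $1 and write an S/MIME message to stdout.
# -binary keeps the body byte-for-byte; -aes256 avoids the weak default
# cipher of older OpenSSL releases. Headers (Subject included) are NOT encrypted.
encrypt_form() {
    openssl smime -encrypt -binary -aes256 \
        -from "webform@example.com" -to "user@example.com" \
        -subject "Contact form" "$1"
}

# Recipient side: decrypt stdin with certificate $1 and private key $2.
decrypt_form() {
    openssl smime -decrypt -binary -recip "$1" -inkey "$2"
}

# Round trip on a constructed form submission; returns 0 on success.
demo() {
    dir=$(mktemp -d) || return 1
    body="name=Alice&message=my passport number is X1234567"
    make_test_recipient "$dir" &&
    printf '%s\n' "$body" | encrypt_form "$dir/recipient.crt" > "$dir/mail.eml" &&
    # What the server stores or relays must not contain the plaintext body.
    ! grep -q "passport" "$dir/mail.eml" &&
    grep -qi "smime-type=enveloped-data" "$dir/mail.eml" &&
    out=$(decrypt_form "$dir/recipient.crt" "$dir/recipient.key" < "$dir/mail.eml") &&
    [ "$out" = "$body" ]
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "round trip OK"
```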
That's still vulnerable to coldboot style attacks. If the data is never unencrypted unless you're reading it, that's technically safer. But yes, you are right, that would work as well.
Hawkpost (the project introduced here) is also vulnerable to a coldboot attack - if the server that sends the page with the JavaScript is compromised, all bets are off.
You need to trust the server at some point. Assuming you do then it doesn't matter if the at-rest encryption is done in the browser or on the server.
I'd be happy with HTTPS upload and PGP encryption before writing to disk or forwarding. I think the biggest risk of a secure upload server is a vulnerability exposing a disk full of secure content in the future.
Not a bad idea, but this isn't a thing browsers currently do, and the average person can't do that with ease. Especially considering this web app is aimed at non-tech savvy individuals.