
WebCrypto is a potluck of popular cryptography standards, chosen by committee.

What you want instead is a library that carefully selects primitives with an emphasis on:

1. Security
2. Performance
3. Ease of use

You want a high-level API, like I'm building for PHP 7.1, not a low-level API, like openssl, mcrypt, WebCrypto, etc.



Google's NaCL (i.e. NativeClient, not Libsodium-- awful overlap in terminology there) + Crypto_box + PPAPI seems to be really easy to implement as well as really secure, but Mozilla wants nothing to do with NaCL (again, the Google Native Client for Chrome/Chromium - not the DJB lib).

Edit: and that's what I get for skipping over half the posts in this thread. You specifically mentioned crypto_box/libsodium. No surprise there, you seem pretty well-informed from the 50% of the posts I did read in this thread ;). Zimmermann got it amazingly right with PGP 20 years ago. The men and women at keybase.io are doing a great job trying to bridge the gap in the interim. Your route is the route I'm taking right now as I'm building out but with USB key and/or cell phone authenticators. Speaking of which, Thomas, in a few weeks if you have some spare time I'd love for you to look at what hopefully isn't a travesty of a product. (I minimized as much as I could re-using existing components with the intention of limiting the potential of bugs I could introduce, but Johnny's gonna have crypto soon if I have my way.)


> No surprise there, you seem pretty well-informed from the 50% of the posts I did read in this thread ;)

Heh, thank you. :)

> Speaking of which, Thomas, in a few weeks if you have some spare time I'd love for you to look at what hopefully isn't a travesty of a product.

If he doesn't, feel free to ping me. ;)


Yes, just something that implements signatures and private messages in the best way web crypto allows for. Bonus points for encapsulating the best practices rather than just documenting the footguns.



