Where and how to store private keys in web applications for private messaging with web browsers

I am working on a web application enabling users to communicate over private messages, which is just one part of the whole system. The main focus during my development process is to protect the privacy of my users; I think this should be one of the main responsibilities for every software developer, especially when you think about the harmful data leaks over the last years.

I've read a lot of articles about end-to-end encryption and that famous messaging apps like WhatsApp use end-to-end encryption to protect their users' privacy. I want my server and my application to have zero knowledge about the contents of messages being transmitted.

When you have applications which are installed on the user's device, I know theoretically how to store and protect the private keys on the user's device. But in my special case, there is going to be no executable installed on the user's device. They are accessing the web application over their browsers and a secured HTTPS connection. This fact causes me quite a headache. I can't even imagine how to store the private key permanently and securely in this client-side environment. So I thought about storing the keys in a secure way on the server, but this is a contradiction to my mind, considering that I have to assume that a potential adversary takes over control of my server, database, ... the whole machine while everything is running and the "key vault unsealed".

I opened a question on StackOverflow a couple of days ago, if you want to read more about my way to desperation: "Protecting application secrets like encryption keys and other sensitive data". After a long discussion I was referred to this Cryptography forum of StackExchange.

So I want to ask you without focusing on any special programming language: "Where and how to store private keys in web applications for private messaging with web browsers?". Thanks in advance!

user34484