The W3C Push API has been updated by @martinthomson to allow developers to include a payload with the push messages they send. Such a payload must be encrypted, because the push service effectively is an untrusted intermediary.

The W3C bits are defined in https://w3c.github.io/push-api/

PushSubscription.getKey(type);  // "p256dh" or "auth", returning an ArrayBuffer
PushSubscription serializer;  // includes the keys, base64url encoded, in the JSON
PushMessageData
PushEvent.data

The client-side JavaScript will normally not be exposed to the encryption requirement - this is done by the application server. The data available in PushEvent.data will have been decrypted already.

The encryption routines themselves are defined in the following two IETF drafts:

• https://tools.ietf.org/html/draft-ietf-webpush-encryption
• https://tools.ietf.org/html/draft-thomson-http-encryption

Chrome and Firefox are both eager to ship.

/cc @mvano