Data encryption
Essence of the task:
To ensure the exchange of data (text) in encrypted form between a group of users.
Encrypt data on the client side directly in the browser (JS or Flash).
The data is sent to the server only in encrypted form, so that even the administrator cannot access it.
Two questions:
1. What is the best encryption method to use?
2. What about encryption keys?
Thank you!
Without taking into account the existence of implementations of particular crypto protocols in JS or Flash, since I haven’t come across any, I can advise you to read Schneier’s “Applied Cryptography”. It covers key exchange schemes and other useful things. Or clarify the question, and I will try to answer in more detail.
The main problem seems to me to be the key exchange, or rather user authentication. In your case, it seems to me that in order to authenticate all authorized clients, you either need a trusted third party to store certificates; or possession of some common secret information in advance, before the start of communication over an insecure channel; or direct access to each other, without a server, to minimize the possibility of compromising the communication channel.
As I see it, although, of course, I could be wrong.
1. A trusted third party must publish the clients' certificates or public keys. You can use SSL.
2. Common secret information: this is exactly the symmetric encryption key, or the asymmetric private key, or any other secret information, proof of possession of which will allow the client to be authenticated.
3. An alternative communication channel that will allow authorized users to exchange keys without an intermediary in the form of a server.
And then the user simply encrypts the information and places it on the server.
If all users use Firefox, then one of the add-ons designed for encryption can be used.
If the data on the server is only stored and does not require decryption, then on the client you encrypt with anything using the password / key specified by the client, and transfer it to the server. It will be difficult to decrypt without the key. The client receives the encrypted information back, enters the key and decrypts it. The key is naturally not transmitted to the server.
For example, www.mozilla.com/en-GB/firefox/sync/ does this.
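
The scheme described in the last answer, as an added example that is not code from any of the answers or from Firefox Sync: the browser derives an AES-GCM key from the password with WebCrypto and uploads only salt, IV and ciphertext. It assumes the group agrees on the password over another channel; the function names, record layout and PBKDF2 iteration count are assumptions.

```javascript
// Function names, record layout and the iteration count are assumptions.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // Node < 19 fallback
const enc = new TextEncoder(), dec = new TextDecoder();
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Stretch the user's password into an AES-256-GCM key. The salt is not secret.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    "raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Returns the only thing the server ever stores: salt, IV and ciphertext.
// Neither the password nor the derived key appears in the record.
async function encryptForServer(password, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh for every message
  const key = await deriveKey(password, salt);
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(plaintext));
  return { v: 1, salt: b64(salt), iv: b64(iv), ct: b64(ct) };
}

// Runs in the browser after the record is fetched back. Throws if the
// password is wrong or the stored record was modified (GCM tag mismatch).
async function decryptFromServer(password, record) {
  const key = await deriveKey(password, unb64(record.salt));
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: unb64(record.iv) }, key, unb64(record.ct));
  return dec.decode(pt);
}
```

The server still delivers the page's JavaScript, so this protects stored data from someone reading the database, not from a server that serves altered code.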