If it were me, I would use an AJAX-call to request the encrypted information.   The JSON encoding system (say...) can handle any sort of data.

Also, remember that if the information is being handled on the user-side, it really isn’t “secret” at all.   You really can’t keep secrets from the owner of the machine, if he seriously wants to know what they are.   You can “obfuscate” them, but that’s about it.

You definitely need to use an industry-standard algorithm and it should probably use public-key encryption.   However, the very best place to do any serious encryption, of anything that really needs protection, is in the communications hardware ... i.e. with VPN.   If you know that you are talking through an encrypted channel, you can “speak plainly” and not be understood.