I think it’s technically possible to do it in a sane way. I don’t know if it currently exists in any form (I guess it kind of does for U2F keys / client side certificates?) but your browser itself could manage encryption keys, or could interface with hardware keys to sign messages. Then the JavaScript never gets to see the keys and could just request that you sign something (and presumably you need UI to know what you’re agreeing to sign in the browser so you don’t have to trust the random JS about what it wants to sign). It sounds like a perfectly reasonable browser feature to me, especially in an era of passkeys and stuff.

Of course it wouldn’t be worth implementing in the browser just for Lemmy, and there’s other problems like syncing keys (maybe you’d just sign your other keys to establish trust)… But such an API would be useful for other situations too (e.g., signing commits on github). Cryptographic signatures seem really niche, but people use them all the time behind the scenes, and I think it’s something that would actually be really useful to inform the general public of more… They kind of solve problems that I think most people would think are impossible to solve. I mean, obviously we’re not going to throw normal people at GnuPG and call it a day, but with some communication and UI effort I think they could be a valuable asset for society.