I gave a talk on Cryptography in the Browser at the 2015 O'Reilly Fluent Conference. You can view and download them from Speaker Deck. Video of the talk is now available, too.
There are several sample programs my company has made available on its GitHub page:
I blogged my experiences developing the examples using the tag webcrypto:
The authoritative reference for the Web Cryptography API is the W3C Candidate Recommendation produced by the W3C Web Cryptography Working Group. You can also read their mailing list.
Harry Halpin of the W3C presented a paper on The W3C Web Cryptography API: Design and Issues at the ws://rest.2014 Workshop on Web APIs and RESTful Design. It gives background into the factors going into the development of the API.
What parts of the API does your browser support? Find out with this test page from Daniel Roesler.
All the SubtleCrypto methods return new ECMAScript 6 Promise objects. This Google Web Fundamentals tutorial on JavaScript Promises is a good place to learn more.
The API uses ArrayBuffer and ArrayBufferView objects for all data input and results. HTML5 Rocks has a lot of good articles on them:
You can convert between strings and ArrayBuffers with the new Encoding API, well explained, as usual, in an HTML5 Rocks article. If your browser doesn't yet support it, you can wait a while, or you can use this trick from Johan Sundström.
The only way to persistently store CryptoKey objects in the browser is by using IndexedDB. There's a nice tutorial by Raymond Camden available at tuts+.
Just in case using the Web Cryptography API isn't challenging enough for you, you can build PKIX solutions on top of it. The relevant standards are RFC 5280 for X.509, RFC 5652 for Cryptographic Message Syntax, and ITU X.690 for ASN.1 and BER/DER encoding rules.
Carl Mehner has a series of posters showing examples of many PKIX objects in hex form with detailed explanations of every part of their structure. Print them out big from this PDF file.
The most useful explanation of ASN.1 I've found is ASN.1 by simple words from Yuri Strozhevsky. Yuri is also a major contributor to GlobalSign's open source PKIjs and ASN1js JavaScript libraries.
Need more? Take a look at this Oracle blog post, an RSA Technical Note titled A Layman's Guide to a Subset of ASN.1, BER, and DER, and an article on ASN.1 Key Structures in DER and PEM. There's even an entire book you can download on the subject.