Even if this wasn't browser Javascript and thus totally boned, I think it would still be pretty boned. I'll send a neat looking laptop decal to anyone here who spots any of the flaws in this cryptosystem.
Off the top of my head, reasons why this appears broken even if it didn't use Javascript:
The passphrase almost certainly doesn't have 1024 bits of entropy in it, and since they describe it as "used to repeatably generate this RSA key", they can't have introduced any additional entropy. And indeed, they just use the SHA256 of the passphrase to seed a PRNG.
They claim that a PublicKeyID "can be used to uniquely identify Sam's public key". Fingerprints help identify keys more easily, but certainly not "uniquely" since they don't have as many bits as the key; pigeonhole principle.
Worse, the PublicKeyID uses MD5.
They use a public exponent of 3, rather than the usual 65537 or larger. It looks like they might protect against small-exponent attacks, but I don't have enough expertise to know that for certain, and in any case this seems like a bad idea.
Neither cryptico nor the rsa-sign library they use mentions anything about HMACs; I haven't dug into the code to figure out if they actually use one or just use a hash directly.
I don't think this code protects against even the e=3 broadcast attack, because it doesn't verify the padding (as someone downthread noticed; I owe him a sticker now too).
Of course, not verifying the padding also means the signatures are straightforward to forge.
(Ping me with a shipping address and I'll send you swag).
But it is written as browser Javascript and is thus totally boned. Here's my attempt to be exhaustive about why:
http://www.matasano.com/articles/javascript-cryptography/
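On the padding point raised in the thread, an added example (not from any commenter, and not cryptico's or rsa-sign's code) of checking an RSA PKCS#1 v1.5 signature block by rebuilding the expected encoding and comparing it in full. It assumes SHA-256 and a 1024-bit modulus; `laxCheck` is a hypothetical stand-in for a verifier that does not validate the padding, and all sample bytes are constructed.

```javascript
// Added example. EM is the byte string obtained after the RSA public-key
// operation on a signature; the RSA step itself is out of scope here.
// ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
const SHA256_PREFIX = [0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                       0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20];

// Strict: rebuild the one valid encoding for this digest and modulus length k,
// then compare every byte. Nothing is parsed, so nothing can be skipped.
function expectedEM(digest, k) {
  const tLen = SHA256_PREFIX.length + digest.length;
  if (digest.length !== 32 || k < tLen + 11) throw new Error("bad lengths");
  const ps = new Array(k - tLen - 3).fill(0xff);
  return [0x00, 0x01, ...ps, 0x00, ...SHA256_PREFIX, ...digest];
}
function strictCheck(em, digest, k) {
  const want = expectedEM(digest, k);
  if (em.length !== want.length) return false;
  let diff = 0;
  for (let i = 0; i < want.length; i++) diff |= em[i] ^ want[i];
  return diff === 0;
}

// Lax (hypothetical anti-pattern): walk past the padding, read the digest,
// and never check the padding length or what follows the digest.
function laxCheck(em, digest) {
  if (em[0] !== 0x00 || em[1] !== 0x01) return false;
  let i = 2;
  while (i < em.length && em[i] === 0xff) i++;
  if (em[i++] !== 0x00) return false;
  for (const b of SHA256_PREFIX) if (em[i++] !== b) return false;
  return digest.every((b, j) => em[i + j] === b);
}

// Constructed sample data: a stand-in digest and a 128-byte (1024-bit) modulus.
const K = 128;
const digest = Array.from({ length: 32 }, (_, j) => j + 1);
const wellFormed = expectedEM(digest, K);
// Malformed block: one 0xff of padding, the digest, then unconstrained bytes.
const tail = new Array(K - 4 - SHA256_PREFIX.length - 32).fill(0xab);
const malformed = [0x00, 0x01, 0xff, 0x00, ...SHA256_PREFIX, ...digest, ...tail];
```

Both checks accept `wellFormed`; only `laxCheck` accepts `malformed`, whose 73 trailing bytes are not tied to the message, which is the slack that makes a small public exponent dangerous.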