The W3C Web Cryptography API may be able to help. Can I use indicates modern browsers now support it.

For additional digital signature support, look at GlobalSign/PKI.js

PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins. http://pkijs.org

Found great signing tool. It implements RSA-SHA1 (works perfectly) and RSA-SHA256 (works strange), and allow both to generate signature using private key and to verify signature using certificate.

Web Crypto appears to be the answer. Here is a tutorial (not mine). As for the comment, if you are using https, why do you need signing - these are needed for two different purposes. In infosec lingo, the former gives confidentiality and the latter non-repudiation.

I've gone down the same road as you, you're probably better off implementing something like oAuth.

The problem with what you're proposing is that there's absolutely no reliable way of storing the private key on the client machine, nor of now securely getting the public key back to the server other than HTTPS (and if you're using HTTPS, what's the point of this?)

If you really want to continue, there are some implementations out there: http://shop-js.sourceforge.net/crypto2.htm

And you probably want something horribly annoying like PersistJS (http://pablotron.org/?cid=1557) to try and save the private key as long as possible.