Just a small suggestion to improve the security a bit. To prevent prying eyes (or screen recording software) from seeing the password, it would be best to
Remove the paperencryptpassphrase div.
Set the paperpassphrase input type to password
Add another input to confirm the passphrase to avoid the user making a typing mistake.
On the plus side, by using a password input if someone makes a non-HTTPS rehost of the website, the end user will be warned by their web browser that it is not secured.
Just a small suggestion to improve the security a bit. To prevent prying eyes (or screen recording software) from seeing the password, it would be best to
paperencryptpassphrase
div.paperpassphrase
input type topassword
On the plus side, by using a password input if someone makes a non-HTTPS rehost of the website, the end user will be warned by their web browser that it is not secured.