You definitely could. But I think there are more computers with web browsers than there are computers that can read encrypted Microsoft Word documents.

On client systems, PDF readers are as ubiquitous as browsers. An encrypted PDF should do the job better than Word.

Similar use case. I would not use this for anything important. If you just want to shuffle data around with something similar just use something like KeePassX, lets you attach files. Much more configurable with regards to KDF parameters and such.

But doesn't Word use CBC? Apparently from upthread that's E_ALWAYS_BAD.

Ahh, well, this is actually a field where I know a lot. Since it is my job. Let me distill up thread.

1. Don’t implement the underlying crypto yourself

2. CBC is hard to get right

3. There are a lot of esoteric attacks and if you have a nation state attacking you they could exploit them, but they won’t because they will just put some crap on your systems and do it easier.

Also this is a very simple use case to get authenticated CBC correct with. So, the real answer is “don’t do this, but it is probably okay in this one use case, assuming they didn’t implement all of this themselves (e.g the crypto algorithms themselves)

You should still listen to tptacek though. Use an authenticated crypto mode :)