I'm trying to come up with an interopable crypto algorithm (by interopable I mean the ability to sign/encrypt data in c# using keys generated by JS and vice-versa).
I took ECDSA as a base as it looked modern and well-documented, I also saw sample keyUsage values, implying the encryption support (which I believe works quite well in JS).
I was able to sign/verify signatures in c# using JS generated keys, but c# ECSDA class doesn't seem to support encryption. Is this WIP on MS behalf or we should stick to RSA for encryption (As this answer suggests)?
ECDSA is a digital signature algorithm for elliptic curves.
What you're looking for is public-key authenticated encryption, which uses ECDH key exchange to establish a one-time symmetric encryption key. This symmetric key is then used to perform symmetric encryption using something like AES256 or XSalsa20-Poly1305.
It's not possible to directly encrypt data using EC crypto in the same way that it is technically possible to do in RSA (although for performance reasons, RSA encryption usually first encrypts a one-time symmetric encryption key for the recipient, and then uses symmetric encryption).
I think that NaCl's "box" is available for both C# and Javascript and is interoperable. Also see TweetNaCl (JS) and TweetNaCl (C#).