Public key cryptography with user-chosen passwords?

The whole point is designing a simple system where users are able to send encrypted messages between them (with support from a server).

In this scenario, clients have no local storage, so I'm forced to use passwords that users will be able to choose, remember and type when needed. (I know this weakens the whole system, but this is a hard requirement.)

Another requirement is that the server cannot store cleartext private keys or any other data which can be used to decrypt messages (e.g. only the user can read encrypted messages; server admins should not be able to).

My approach would be to generate an asymmetric keypair on the client, and publish the public key on the server along with an encrypted copy of the private key (encrypted with the user's password). Users can then send encrypted messages to other users, using the recipient's published public key; when a user needs to decrypt a message, his (encrypted) private key is fetched on the client from the server, decrypted with the password provided by the user and then used to decrypt messages.

Does this make any sense? Is there any flaw in this system design (apart from the weakness derived from users choosing short or bad passwords)? Is this approach already used in similar scenarios?

Thank you :)

6
asked by Patonza 17 December 2010 at 22:46