
I'm using webcrypto, not PGP/GPG.

I would like to use a key pair to create a "subkey" that is authorized by my primary key in a way anyone can publicly verify so I don't need to expose the primary key's private component to any web-facing systems.

My idea is to:

  • primary key signs a hash of the subkey's public component
  • then use the subkey's private key (proving it has access) to encrypt this signed blob

Verification would be:

  • use the subkey public key to decrypt the signature
  • use the primary key’s public to verify the signature.

Would this be safe? Do I need to add any tamper protection (AEAD/HMAC)? I'm interested in an answer for both ECC and RSA.

Xeoncross
