Jul 21, 2022
Hey, great read about revisiting password security from the bottom up.
Have a look at FIDO2 / WebAuthn; this is typically what they try to achieve.
One issue with this approach (or any using asymmetric cryptography) is the UX around backup/portability; this is where attackers will concentrate (hey, look at this simplified version, enter your password here, see how great!).
Your approach does not protect against phishing. Ideally all signatures should be done on a 'secure' or at least 'different' device (think a Chrome extension, for instance).