by captainmuon 3289 days ago
While we're at it, is there one that:

- Lets me store certificates and PGP keys

- Has two factor authentication (U2F)

- Has open hardware and software (source-available)

Basically, a USB pen drive that allows U2F and can be made read-only (either by a switch or only writable over a special interface). I don't really need tamper resistance, pre-generated keys, smart cards or any other advanced features.

2 comments

The difficulty with PGP keys is that the most common implementation, GPG, wants complete control of the device and does not let it be shared so that other interfaces, like PKCS#, can be used. So if you want something for both GPG and other purposes, it really needs to present as two separate devices, or you need to go hacking on a branch of GPG. When I looked into doing this, it seemed that upstream would not be interested in interoperation with other smart card standards, so it may not get accepted into upstream.

At least that was my experience. If somebody can correct me, I'd be incredibly grateful.

I can suggest using TREZOR and Ledger Nano S hardware devices for common GnuPG operations, e.g. signatures and decryption.

Please take a look at https://github.com/romanz/trezor-agent/blob/master/README-GP... for more details.

Disclosure: I am the main developer of this project.

Huh, interesting. I didn't even know GPG could handle devices as such. I was just looking for a device that holds my key files (like for email, ssh, ...). Would of course be great if you could hand the device some plaintext and it would encrypt it without the key leaving it, but I didn't even think about that to be honest. But it makes sense :-).
Boot time and physical size might make it unwieldy, but could you use a Pi Zero in gadget mode over OTG?

You can have it emulate USB HID, so presumably U2F would be workable, and it'll do USB Mass Storage too.

Open hardware and software.
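As an added example (not code from this thread, from the Raspberry Pi project, or from any project mentioned here), this is how the gadget-mode setup suggested above would be laid out through the Linux configfs USB gadget interface: one HID function carrying the FIDO HID report descriptor (64-byte IN and OUT reports on usage page 0xF1D0), plus one mass-storage LUN exported read-only, which covers the original poster's "can be made read-only" requirement on the host side. Assumptions: a kernel with dwc2 and libcomposite (on Raspberry Pi OS, dtoverlay=dwc2 in config.txt and modprobe libcomposite), a backing image for the key store that already exists, and placeholder vendor/product IDs and strings that are not a registered identity. The script only creates the descriptor tree; a U2F implementation would still have to read and write 64-byte reports on the resulting /dev/hidg0.

```shell
#!/bin/sh
# Added example: lay out a composite USB gadget (FIDO-style HID + read-only mass storage)
# via configfs, as one would on a Pi Zero in OTG gadget mode.
# Assumptions: dwc2 + libcomposite are loaded, and IMAGE is an existing disk image.
# The VID/PID and strings below are placeholders, not a registered device identity.
set -eu

# FIDO HID transport report descriptor (usage page 0xF1D0, usage 0x01; one 64-byte IN
# report at usage 0x20, one 64-byte OUT report at usage 0x21), as octal escapes so that
# POSIX printf emits the raw bytes.
U2F_REPORT_DESC='\006\320\361\011\001\241\001\011\040\025\000\046\377\000\165\010\225\100\201\002\011\041\025\000\046\377\000\165\010\225\100\221\002\300'

# build_gadget ROOT IMAGE: create gadget "g1" under ROOT (normally /sys/kernel/config/usb_gadget)
# with one HID function and one mass-storage LUN backed by IMAGE. Prints the gadget directory.
build_gadget() {
  root="$1"
  image="$2"
  g="$root/g1"

  mkdir -p "$g/strings/0x409" "$g/configs/c.1/strings/0x409"
  echo 0x1d6b > "$g/idVendor"      # placeholder VID (assumption)
  echo 0x0104 > "$g/idProduct"     # placeholder composite-gadget PID (assumption)
  echo 0x0100 > "$g/bcdDevice"
  echo 0x0200 > "$g/bcdUSB"
  echo "pi-key-0001"     > "$g/strings/0x409/serialnumber"
  echo "Home-built"      > "$g/strings/0x409/manufacturer"
  echo "U2F + key store" > "$g/strings/0x409/product"
  echo "HID and storage" > "$g/configs/c.1/strings/0x409/configuration"
  echo 250 > "$g/configs/c.1/MaxPower"

  # HID function: no boot protocol, 64-byte reports, FIDO report descriptor.
  mkdir -p "$g/functions/hid.usb0"
  echo 0  > "$g/functions/hid.usb0/protocol"
  echo 0  > "$g/functions/hid.usb0/subclass"
  echo 64 > "$g/functions/hid.usb0/report_length"
  printf "$U2F_REPORT_DESC" > "$g/functions/hid.usb0/report_desc"

  # Mass-storage function: lun.0 comes with the function; mark it read-only so the host can
  # read the key files but cannot modify or wipe them (updates are done locally on the Pi).
  mkdir -p "$g/functions/mass_storage.usb0/lun.0"
  echo "$image" > "$g/functions/mass_storage.usb0/lun.0/file"
  echo 1 > "$g/functions/mass_storage.usb0/lun.0/ro"
  echo 0 > "$g/functions/mass_storage.usb0/lun.0/removable"

  # Attach both functions to configuration c.1.
  [ -L "$g/configs/c.1/hid.usb0" ] || ln -s "$g/functions/hid.usb0" "$g/configs/c.1/hid.usb0"
  [ -L "$g/configs/c.1/mass_storage.usb0" ] || ln -s "$g/functions/mass_storage.usb0" "$g/configs/c.1/mass_storage.usb0"
  echo "$g"
}

# bind_gadget GADGET_DIR: enable the gadget on the first UDC (the dwc2 controller on a Pi Zero).
# The host sees nothing until this runs, so it is done only after boot has completed.
bind_gadget() {
  udc=$(ls /sys/class/udc | head -n 1)
  echo "$udc" > "$1/UDC"
}

# Stand-alone use on the Pi:  sh gadget.sh --apply /opt/keystore.img
if [ "${1:-}" = "--apply" ]; then
  gadget=$(build_gadget /sys/kernel/config/usb_gadget "$2")
  bind_gadget "$gadget"
fi
```

Binding is kept separate from building so the device can be attached only once userspace is up, and the read-only flag is set on the LUN before binding, since it cannot be changed while the host has the disk mounted.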

Unless you install some TPM module, the RPi itself has no tamper-resistant storage and has DFU (so, basically, plug it into the wrong device and it'll be able to run arbitrary code, pulling all secrets).

An FST-01 is a somewhat better choice, but Gnuk doesn't implement U2F. If someone has enough time and knowledge, I don't see why it wouldn't be possible to add it, though.

The parent poster said tamper resistance wasn't an issue in their use case.

But are you sure it'll DFU over USB?

If so, for avoiding DFU, could you use some simple hardware to disable the data lines on the OTG port until the Pi had finished booting?

Could one use an i2c or spi based crypto chip for key storage?

Actually, no. I think I have confused RPi with some other board.

I don't have a Pi at hand to test for sure, but searching online I can't find mentions of USB DFU. I think I may be mistaken.