by epistasis 3298 days ago
The difficulty with PGP keys is that the most common implementation, GPG, wants complete control of the device and does not let it be shared so that other interfaces, like PKCS#, can be used. So if you want something for both GPG and other purposes, it really needs to present as two separate devices, or you need to go hacking a branch of GPG. When I looked into doing this, it seemed that upstream would not be interested in interoperation with other smart card standards, so it may not get accepted into upstream.

At least that was my experience. If somebody can correct me, I'd be incredibly grateful.

2 comments

I can suggest using TREZOR and Ledger Nano S hardware devices for common GnuPG operations, e.g. signatures and decryption.

Please take a look at https://github.com/romanz/trezor-agent/blob/master/README-GP... for more details.

Disclosure: I am the main developer of this project.

Huh, interesting. I didn't even know GPG could handle devices as such. I was just looking for a device that holds my key files (like for email, ssh, ...). It would of course be great if you could hand the device some plaintext and it would encrypt it without the key leaving it, but I didn't even think about that to be honest. But it makes sense :-).
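The two points raised in the thread (a key that signs without ever leaving the device, and a device that one client holds exclusively so a second interface is refused) can be shown together in a small software simulation. The Go program below is an added example written for this page; it is not code from GnuPG, trezor-agent or any hardware vendor, and it does not talk to real hardware. The `Token` type, its `Claim`/`Release`/`Sign` methods and the client names `gpg-agent` and `ssh-client` are all assumptions made up for the illustration; the signature scheme is Ed25519 from the Go standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrBusy      = errors.New("device busy: held exclusively by another client")
	ErrNotHolder = errors.New("caller does not hold the device")
)

// Token simulates a key-holding device (hypothetical, software only).
// The private key lives only inside this struct and no method returns it.
// Operations that use the key require the caller to hold the device's single
// exclusive claim, mirroring the "wants complete control of the device"
// behaviour the thread describes.
type Token struct {
	priv   ed25519.PrivateKey
	holder string // empty when nobody holds the device
}

// NewToken generates the key inside the simulated device.
func NewToken() (*Token, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Token{priv: priv}, nil
}

// PublicKey is the only key material that ever leaves the token.
func (t *Token) PublicKey() ed25519.PublicKey {
	return t.priv.Public().(ed25519.PublicKey)
}

// Claim gives client exclusive use of the token until Release.
// A different client asking while it is held is refused with ErrBusy.
func (t *Token) Claim(client string) error {
	if t.holder != "" && t.holder != client {
		return ErrBusy
	}
	t.holder = client
	return nil
}

// Release drops the claim if client is the current holder.
func (t *Token) Release(client string) {
	if t.holder == client {
		t.holder = ""
	}
}

// Sign produces a signature over msg using the key that stays inside the
// token. Only the current holder may request it.
func (t *Token) Sign(client string, msg []byte) ([]byte, error) {
	if t.holder != client {
		return nil, ErrNotHolder
	}
	return ed25519.Sign(t.priv, msg), nil
}

// Verify runs on the host side with nothing but the public key.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	tok, err := NewToken()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed input, not real data

	if err := tok.Claim("gpg-agent"); err != nil {
		panic(err)
	}
	sig, _ := tok.Sign("gpg-agent", msg)
	fmt.Println("gpg-agent signature verifies on host:", Verify(tok.PublicKey(), msg, sig))
	fmt.Println("ssh-client claim while gpg-agent holds the token:", tok.Claim("ssh-client"))

	tok.Release("gpg-agent")
	fmt.Println("ssh-client claim after release:", tok.Claim("ssh-client"))
}
```

The host never sees `priv`; it only receives signatures and checks them against the exported public key. The exclusive claim is what forces the "two separate devices" workaround mentioned above: a second consumer cannot use the key until the first releases it.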