by drdaeman 3078 days ago
On a tangentially related note - I wonder, are there any OpenPGP Cards with EdDSA support with a "true" tamper-resistant HSM?

Gnuk-based tokens (FST-01, Nitrokey Start) support Ed25519 keys, but while there are no obvious security holes (i.e. debugging is disabled etc), they're most likely not safe if left unattended in the hands of an untrusted third party.

2 comments

Pretty sure the Ledger Nano S meets your criteria, but I gave up using it as a PGP card after some seriously questionable issues like the fact that pinentry would always ask for my PIN on the host machine even though I had it set to only ask on the “card”. It’s just a big mess all around. Same thing with FIDO. It only seems to work in Chrome even though Firefox theoretically has support.
Firefox supports the FIDO U2F spec to the letter while Chrome requires a legacy polyfill script that doesn't use the same exact API. So it's possible to support both but it's not as straightforward as it should be.
Nano S pinentry works fine for me; you need the enable-pinpad-varlen option for scdaemon.
Nothing is safe if left unattended. It’s trivial to make a ‘proxy’ RF device that sends your PIN to the attacker and receives whatever data you would expect from your original hardware token.
At the end of the day no encryption is perfect... security is all about making it harder for an attacker.

A physical device certainly raises the bar.

That said, the RF proxy attack is interesting. I'm sure it's non-trivial to do, as the device has to look legitimate. Nonetheless I better wrap my laptop in tinfoil from now on :)