[wyager]

Pretty sure the Ledger Nano S meets your criteria, but I gave up using it as a PGP card after some seriously questionable issues like the fact that pinentry would always ask for my PIN on the host machine even though I had it set to only ask on the “card”. It’s just a big mess all around. Same thing with FIDO. It only seems to work in chrome even though Firefox theoretically has support.

[Shoothe]

Firefox supports the FIDO U2F spec to the letter while Chrome requires legacy polyfill script that doesn't use the same exact API. So it's possible to support both but it's not as straightforward as it should be.

[xfer]

Nano S pinentry works fine for me; you need enable-pinpad-varlen option for scdaemon.