by doomslice 2697 days ago
Founder of StellarGuard here, so sort of in the same realm. Just wondering what additional features you'd want out of such a hardware token. Would it need to do the actual signing of transactions on the device for you to feel secure with it, or would generic U2F (YubiKey) + signing on the software be sufficient, assuming we could do it securely?

Yes, that is the point. Basically you have to work under the assumption that your laptop may be compromised. So anything that exposes private keys to it is going to end up leaking those keys. With the Ledger you approve transactions on the token. You configure it from a paper backup or by letting it generate a private key for you and you use it to sign transactions.
Signing on the hardware is pretty much the only way to safeguard the keys. PCs and phones have an attack surface much too large to properly secure.