by munchbunny 2275 days ago
Your solution doesn't survive a real-time attack on a local machine compromise (wait for you to enter the PIN and then opportunistically use the private key). It only makes doing so harder by automatically re-locking the key.

That said, your system is well past the point of "password storage is no longer the most economical surface to attack".


Occasionally entering the PIN + physical touch on the Yubikey for every decryption call. Since the private key never leaves the Yubikey, every decryption needs a physical touch.