I have been using a NitroKey Pro for about a year. I use it to boot my Debian GNU/Linux laptop and a few servers I run. I use 2fa for all my personal accounts from github to protonmail etc. Of course I sign everything I push into my repos etc with it too! I have also been using Maple Mini clones or “Blue Pills” with Gnuk. I like the fact that they can use ed25519 and are 100% code based and open source. I wont touch the Yubikey since they are NOT open source!
RSA was first publicly published in 1978. PGP is from 1991! Looking around at the code in the libs feels like you took a time machine back to the 90s! Ancient crusty old code! Not to mention the keys are freaking HUGE!! My Debian dev key-ring is well over 50MB!
What I and many others like me want to see is support for 25519. I am sure you know all about the perks of 25519 when it comes to side channel attacks etc. Don’t get me started about NIST snake oil!
As you know the OpenPGP card in the NK Pro and NK Storage do not support anything but RSA. This means a mcu solution is in order. This also means firmware upgrades and a lot of flexibility. Maybe something like the STM32F427VIT6? Can lock the boot loader but enable flashing of verifiable reproducible firmware builds etc. Lots of power and room for later development too. I also do not like that there are some NDA restrictions on the OpenPGP cards. Cost about eight USD in bigger lots but you save on not having to use a OpenPGP card.
Imagine a storage version of a firmware flashable token that could do ECC such as ed25519 and also U2F. Of course 100% open source both in hardware and code.
Any chance we might see something like this in the future?