Thank you very much for the link, I missed that discussion. I had no idea the security of OnlyKey was so terrible, in light of this I will stop recommending it.

I'm really excited about the next SoloKey coming out soon.

Thank you for the alternative. Sadly it doesn't support SSH or GPG keys, does it? That was one of the selling points of the OnlyKey for me (and it being open source of course).

Based on their blog post they are working on supporting PIV / PKCS#11 which would support SSH Keys and AES operations.

https://solokeys.com/blogs/news/update-on-our-new-and-upcomi...

[Edit removed it to be more specific]

I'm not sure if they will support those yet. I could never get SSH working well, whereas SSH with U2F works perfectly (and they do support that). I'm guessing they will add GPG key integration, as once the key can perform crypto operations, it's just a matter of host software.

Make sure you read down on this thread https://news.ycombinator.com/item?id=21884184 there is a lot of misinformation in the top posts that are completely debunked if you read down. Like someone said OnlyKey is an Arduino which its not and that it doesn't have hardware security which it does. You can find full list of hardware security features here - https://docs.crp.to/security.html