As a reluctant PGP user who has backed Solo Keys v2 for 4+ for personal use, and who has written Rust code in the pursuit of using PIV over OpenPGP, this answer is disappointing.
Age isn't there. It does NOT have good (read, right now, really, any) support for hardware tokens. I'm skeptical of what I've seen. And age still punts on authentication. And PIV still doesn't have decent keys at decent sizes standardized and thus is awkward to use in practice.
I'm really not convinced, and I really want to be. I wrote a bunch of forward-looking Rust, and then permanently backburner-ed it because age/yubikey just isn't there yet.
Using FIDO2 for SSH, when you're used to the portability and versatility of OpenPGP, stinks. I can use my Yubikey perfectly to do SSH and GPG in Windows. I can forward SSH agent and GPG from Windows to Linux such that it is identical in functionality to me sitting in front of my actual Linux box with my Yubikey plugged in. I have never seen that done with PIV.
I have this extreme fear that I'm going to wind up with four solokeysv2 that just sit in a drawer.
Age isn't there. It does NOT have good (read, right now, really, any) support for hardware tokens. I'm skeptical of what I've seen. And age still punts on authentication. And PIV still doesn't have decent keys at decent sizes standardized and thus is awkward to use in practice.
I'm really not convinced, and I really want to be. I wrote a bunch of forward-looking Rust, and then permanently backburner-ed it because age/yubikey just isn't there yet.
Using FIDO2 for SSH, when you're used to the portability and versatility of OpenPGP, stinks. I can use my Yubikey perfectly to do SSH and GPG in Windows. I can forward SSH agent and GPG from Windows to Linux such that it is identical in functionality to me sitting in front of my actual Linux box with my Yubikey plugged in. I have never seen that done with PIV.
I have this extreme fear that I'm going to wind up with four solokeysv2 that just sit in a drawer.