A smart card provides several advantages over a traditional file-based secret key:
- Once your key is loaded onto the card, it cannot be extracted. Even if you're on a compromised machine, an attacker can't get your key.
- Crypto operations occur on the card itself. Even if you're on a compromised machine, an attacker can't install trojan software on the smart card, so the integrity of the operations is protected.
- The card's contents cannot be duplicated, providing true two-factor authentication. Compare that to storing your keys on a USB drive, which can easily be duplicated.
- The card features a self-destruct option that makes brute-forcing impossible. If you enter an incorrect PIN three times, the card locks. If you enter the incorrect password three times, the card self-destructs. This means you no longer need a 40-character password to be secure. (Note: the 'self-destruct' simply wipes the card's memory. It can be reset to factory defaults and re-used; you just need to re-load or re-create a key.)
- The card can be used for ssh authentication, giving you two-factor authentication to any sensitive servers you may ssh into.
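Added example, not part of this listing: a small POSIX shell snippet showing the two operational pieces behind the points above. It reads the retry counters that `gpg --card-status` reports, so you can see how many tries remain before the PIN locks, and writes the one gpg-agent.conf setting that exposes the card's authentication key to ssh. The card-status text embedded below is constructed sample output, not captured from a real card, and the function names and the directory argument are my own.

```shell
#!/bin/sh
# Added example, not code from the listing. Assumes GnuPG 2.x on the host;
# the card-status text below is a constructed sample, not captured from a card.

# Constructed sample of the lines `gpg --card-status` prints for a fresh card.
# The retry counter fields are: user PIN, reset code, admin PIN.
FRESH_CARD='Reader ...........: SCM Microsystems Inc. SCR 3310
Version ..........: 2.0
PIN retry counter : 3 0 3
Signature counter : 0'

# Same card after three wrong user PINs: user PIN locked, admin PIN untouched.
LOCKED_CARD='Reader ...........: SCM Microsystems Inc. SCR 3310
Version ..........: 2.0
PIN retry counter : 0 0 3
Signature counter : 0'

# pin_tries STATUS_TEXT FIELD
#   Prints the remaining tries for one counter: 1 = user PIN, 2 = reset code,
#   3 = admin PIN. Real use: pin_tries "$(gpg --card-status)" 1
pin_tries() {
  printf '%s\n' "$1" |
    awk -v idx="$2" -F': ' '/^PIN retry counter/ { split($2, n, " "); print n[idx]; exit }'
}

# pin_state STATUS_TEXT
#   Prints "locked" when the user PIN has no tries left, "ok" otherwise, and
#   "unknown" if the text has no counter line (no card inserted, reader missing).
pin_state() {
  tries=$(pin_tries "$1" 1)
  if [ -z "$tries" ]; then
    echo unknown
  elif [ "$tries" -eq 0 ]; then
    echo locked
  else
    echo ok
  fi
}

# write_agent_conf DIR
#   Writes the single gpg-agent.conf setting that makes the card's
#   authentication key show up in `ssh-add -L`. DIR stands in for ~/.gnupg so
#   the example never touches a real GnuPG home. After restarting the agent,
#   point ssh at it with:
#     export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
write_agent_conf() {
  mkdir -p "$1"
  printf 'enable-ssh-support\n' > "$1/gpg-agent.conf"
  cat "$1/gpg-agent.conf"
}

# Demonstration on the constructed samples.
echo "fresh card: user PIN tries $(pin_tries "$FRESH_CARD" 1) -> $(pin_state "$FRESH_CARD")"
echo "locked card: user PIN tries $(pin_tries "$LOCKED_CARD" 1) -> $(pin_state "$LOCKED_CARD")"
```

Checking the counter before each PIN entry is the practical habit here: the user PIN locking at zero tries is recoverable with the admin PIN, so knowing you are on your last try is what keeps a fumbled entry from turning into a reset-and-reload.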
This package consists of:
- 1 OpenPGP v.2 SmartCard http://www.g10code.de/p-card.html
- 1 SCR-3110 Reader http://www.scmmicro.com/products-services/smart-card-readers-terminals/smart-card-reader/scr3310.html#c590
I've personally used this combo on Linux, Windows, and OSX without any issues.
Price also includes priority mail shipping anywhere in the US, and technical support if needed.
[Note: These cards only support 2048- to 3072-bit RSA keys. If your existing keys are DSA and ElGamal, or RSA-4096, you won't be able to transfer them to the card.]