The TKey does not have any persistent memory available for applications to store things. The idea is that we measure (calculate a keyed digest using BLAKE2s) the application during loading. The keyed digest (called CDI) is used as a base secret, random value by the application to derive the secrets the application needs. The Ed25519 signer for example derive its keypair based on the CDI.

A PGP application could use this to determinstically derive a keypair.

The FW application loader will also accept a User Supplied Secret (USS), which is also used during the calculation of the CDI. This means that the keypair derived will be based on the specific TKey device, the integrity to the device application and the USS. One way to use the USS is to control which keypair to derive. For example for SSH, different USS can derive keys used for different servers.

Also, a device application may use the CDI to derive wrapping keys, and then use authenticated encryption to protect a cookie that can be stored on the TKey client machine between usage.

We are working on providing libraries and examples for app developers to do this.

And to the yes part of the answer: Yes, a TKey could talk to a PGP agent and be called upon when needed. This is similar to how a SSH agent can talk to TKey today.

https://github.com/tillitis/tillitis-key1/blob/main/doc/thre...

The current casing is fairly tamper evident (it will break), but we do not yet use real, tamper evident sealing. We are looking at tamper sealing for future versions. And ways to further protect against physical attacks.