What would you suggest to keep private key material in a safe place? There are rumors that even material stored as not extractable in Nitrokey Pro still can be extracted by side channels like electromagnetic emission.
Would running all Internet communication end points on low powered Cortex A7 (immune to Spectre) single boards with a NitroKey like device help? May be need to add optical convertors here to avoid a long Ethernet antenna? Can Nitrokey Pro be used to keep SSHD private key on a server running OpenBSD? On Linux it seems to be possible: https://support.nitrokey.com/t/can-nitrokey-pro2-be-used-in-openbsd-with-ssh-and-gpg/2347/16 Please confirm if Nitrokey Pro can be used on OpenBSD current or 6.7 for keeping both client and server private keys ?