
EC key support (piv-agent compatibility)

Open · Tomaszal opened this issue 2 years ago · 1 comment

Are there any reasons why only ed25519 keys are supported? It would be great if EC keys were supported as well. In particular I'm asking this as I would love to be able to use SSH keys generated by piv-agent for sops-nix, which are of ecdsa-sha2-nistp256 format. It's so far, in my opinion, the most practical (in terms of the balance of simplicity, functionality and security) way I've found to use hardware keys for development.

Of course, I could also use the GPG keys generated by piv-agent for sops-nix. However, I'd really prefer to avoid GPG when possible, which I think you can understand considering you seem to agree that "GnuPG is in general not great software".

There is also age-plugin-yubikey; however, that doesn't seem to be able to use PIV keys generated by piv-agent, which would require creating more PIV keys on other slots. While that isn't too big of a deal, it also seems that age-plugin-yubikey cannot run while piv-agent is active, as the PIV device is busy. That means that piv-agent would have to be stopped every time a file needs to be encrypted or decrypted, which is really inconvenient.

So I thought converting the ecdsa-sha2-nistp256 keys generated by piv-agent using ssh-to-age would be a perfect solution to this problem. Would it be possible, or are there some technical limitations?

Tomaszal · Oct 18 '22 15:10
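The technical limitation behind the ed25519-only support, shown as an added example that is not code from ssh-to-age or from the issue author: age recipients are X25519 keys on Curve25519, and an Ed25519 public key maps onto that curve's Montgomery form by u = (1+y)/(1-y) mod 2^255-19, whereas an ecdsa-sha2-nistp256 point lies on NIST P-256, for which no such map exists. The Go below (standard library only; function names are my own) parses an authorized_keys-style line, performs that conversion for ssh-ed25519 and rejects all three ecdsa-sha2-nistp* types, going slightly beyond the nistp256 case in the question. Bech32 encoding to the `age1…` form and private-key handling are left out.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"math/big"
	"strings"
)

// readString pops one SSH wire-format string (uint32 big-endian length + bytes) off the front of b.
func readString(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 || uint64(len(b)-4) < uint64(binary.BigEndian.Uint32(b)) {
		return nil, nil, errors.New("truncated ssh wire string")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}
// ed25519ToX25519 applies the birational map u = (1+y)/(1-y) mod 2^255-19 from an Ed25519 public key (compressed Edwards y) to the X25519 public key an age recipient uses.
func ed25519ToX25519(pub []byte) ([]byte, error) {
	if len(pub) != 32 { return nil, errors.New("ed25519 public key must be 32 bytes") }
	p := new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 255), big.NewInt(19))
	be := make([]byte, 32) // SSH stores y little-endian; big.Int reads big-endian
	for i := range be { be[i] = pub[31-i] }
	be[0] &= 0x7f // the top bit carries the sign of x and is not part of y
	y := new(big.Int).SetBytes(be)
	den := new(big.Int).Mod(new(big.Int).Sub(big.NewInt(1), y), p)
	if den.Sign() == 0 { return nil, errors.New("y == 1 (identity point) has no Montgomery u") }
	u := new(big.Int).Mul(new(big.Int).Add(big.NewInt(1), y), den.ModInverse(den, p))
	out := u.Mod(u, p).FillBytes(make([]byte, 32))
	for i, j := 0, 31; i < j; i, j = i+1, j-1 { out[i], out[j] = out[j], out[i] } // X25519 is little-endian
	return out, nil
}
// SSHToX25519 turns an "ssh-ed25519 <base64>" line into raw X25519 recipient bytes; ecdsa-sha2-nistp* keys are rejected because a NIST P-curve point has no counterpart on Curve25519.
func SSHToX25519(line string) ([]byte, error) {
	f := strings.Fields(line)
	if len(f) < 2 { return nil, errors.New("malformed authorized_keys line") }
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil { return nil, err }
	typ, rest, err := readString(blob)
	if err != nil { return nil, err }
	switch t := string(typ); {
	case t == "ssh-ed25519":
		key, _, err := readString(rest)
		if err != nil { return nil, err }
		return ed25519ToX25519(key)
	case strings.HasPrefix(t, "ecdsa-sha2-nistp"): return nil, errors.New(t + ": NIST P-curve key, no mapping to X25519 exists")
	}
	return nil, errors.New("unsupported key type " + string(typ))
}
```

A quick sanity check: feeding the Ed25519 base point (y = 4/5) yields u = 9, the X25519 base point, which is the well-known correspondence between the two curves.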