Razvan Dragomirescu:
Thanks Evan for the .onion links, I'll take a look. I'm still collecting data, testing hardware, etc. BTW, one of the cheapest options for this is http://www.ftsafe.com/product/epass/eJavaToken - $12 at http://javacardos.com/store/smartcard_eJavaToken.php . Unfortunately it has a bug that prevents OpenPGP from running (something to do with signature padding, I didn't look much into it). My plan is to write a very small JavaCard-based applet to load onto the card - that only does RSA key generation and signing, nothing else. Easy to write and easy to audit.
You can write it yourself but a working solution is already there. It's possible to flash Java applet to almost any common jcard (they're pretty cheap). Have a look at the nice guide by Subgraph team [1]. For the purpose of digest signing you can easily modify the applet to have more than two signing keys (keep in mind that there are some card limits).
[1] https://subgraph.com/sgos/documentation/smartcards/index.en.html -- Have fun, Ivan Markin