I like those, but I really really want something which can do bt 4.0le with an existing pairing (stronger than just bluetooth 4.0 le security, though) between my host (ideally, mac/win/linux desktop/laptops, also phones) and the device, with some level of on-device logging, access control, etc.
A type 2 pinpad + openpgp smartcard might be the best practical thing right now -- a PIN on the card, plus a passphrase from the host (I think you can require both?). Type 3 showing a hash of what you sign, or a serial number of number of signs, would be even better.
The GPF cryptostick (usb) is also nice -- I think you could also take the Werner smartcard and cut it down to a smaller size for a USB stick sized reader. Sadly GPF stick 1.2 is out of stock everywhere.
Yeah, I guess I just don't trust smartcards all that much from a hardware security perspective, vs. modules with battery inside a metal envelope. I'm sad Maxim/DS killed the Crypto iButton line -- it was a great compromise between smartcard cost ($20-30) and HSM physical security. The software was never great, though.
Yeah, I think it is prudent to be extra cautious of any black box which is security specific, from closely government connected vendors (staff, sales). A CEO would probably be sued by shareholders, or even go to jail, for refusing an extralegal polite request from their 95% customer. (Gov and gov connected banking) to back door devices going to public enemies.
The solution is end user verifiable designs. Harder with hardware, but there have to be ways to do it. The risk is highest for single purpose vs general purpose devices. If safenet hsms aren't owned as fuck, I'll eat one.