Using onlykey-gpg

Thanks @t11, that’s a big help. Looks good, and answers the question that ultimately using the standard gpg utility is possible.

Based on the fact you can’t export a derived private key from the OnlyKey, using stored keys is probably the way forward for me, but hopefully the updated documentation helps others, so I appreciate you taking the time out there.

Is exporting derived private keys a use case you would consider supporting, or is it a security consideration? I like the convenience of using the OnlyKey to derive key pairs offline and using the unique RNG, but can’t stomach having reliance on the device to store all private keys. Not without a separate backup that doesn’t rely on OnlyKey should you not be able to get a replacement. Something like paperkey (dmshaw/paperkey on GitHub: Print an OpenPGP key on paper for archive and recovery) or an encrypted offline backup is useful to mitigate this risk.

NOTE: under some of these new sections you’re referring to ~/.gnupg/trezor (which I know the agent is forked from), but so users don’t misunderstand or get confused, it’s probably worth updating to ~/.gnupg/onlykey.

– BVS