I tried to use Gnuk (Nitrokey Start) keychain with Ed25519/Cv25519 keys to secure SSH setup using gpg-agent's --enable-ssh-support option to let it talk the ssh-agent protocol with ssh and ssh-keygen.
This works very well for signing authentication tokens (ssh public key authentication) but it turns out signing anything larger than 255 bytes fails.
This results in ssh-keygen -U … invocation failing with:
Couldn't certify key ssh_host_ed25519_key.pub via agent: agent refused operation
I traced down the passing of payload to be signed through gpg-agent to scdaemon:
< SETDATA <hex-payload>
< PKAUTH OPENPGP.3
> scdaemon: app_auth failed: Invalid value
> ERR 100663351 Invalid value <SCD>
and further down to iso7816_internal_authenticate() and apdu_send_le() in scdaemon itself.
What I find baffling is that the payload is at not point hashed (SSH Ed25519 uses SHA-512 pre-hash as per rfc8709) so it seems it's sent to the keycard in full.
Furthermore PKAUTH command isn't documented in [[ https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-Protocol.html | Scdaemon manual's protocol section ]].
Since GPG can generally sign larger amounts of data I suspect this issue is due to gpg-agent or opensc mishandling the card rather than inherent limitation of Gnuk tokens.
Specifically I think it should be possible to pre-hash the payload in gpg-agent and ask smartcard to use signature version without pre-hash. (I haven't been able to find OpenPGP SmartCard specification covering Ed25519 to ascertain that is the case though.)