Try a layered approach, map the [usb] device/daemon, io protocol, and crypto components with their functions, to the best of your knowledge. identify prefered and alternate software, review those docs for data (including "See Also" section of man pages) to fortify your component, function, and data flow mapping, revise and repeat. Unfortunately, this is often a prerequisite in a specialized context, with procedural privacy required, so non-standardized solutions often prevail.
These are the tools I would start with:
netpgp
security/netpgp (netbsd and pkgsrc)
security/netpgpverify
security/pcsc-tools
security/pcsc-lite
Besides man pages wikipedia is helpful, eg: OpenPGP_card and Smart_card; and despite the absence of reason, LLM can be helpful to: Describe the high level steps required to leverage the installed tools netpgp, netpgpverify, pcsc-tools to verify signature, sign, encrypt and decrypt files based on smart card and OpenPGP cryptography.
Attached here is a llm artifact that may serve as a faq and meet your needs? Please confirm!
Notable, netpgp seems to rely on pcsc-tools, verses bundling card management functionality in. Matter of style in absence of a single standard...
--