Razvan Dragomirescu:
Thank you Ivan, I've taken a look but as far as I understand your project only signs the HiddenService descriptors from an OpenPGP card. It still requires each backend instance to have its own copy of the key (where it can be read by an attacker). My goal is to have the HS private key exclusively inside the smartcard and only sign/decrypt with it when needed but never reveal it. An attacker should not be able to steal the key and host his own HS at the same address - the address would be effectively tied to the smartcard - whoever owns the smartcard can sign HS descriptors and decrypt traffic with it, so he or she is the owner of the service.
Yes, it still requires having plain keys for decryption of traffic on backend instances, sure. But you're not right about key "stealing" (copying). The address of an HS is calculated from the key which is signing descriptors. This key resides on a smartcard. It's already a "the-address-would-be-effectively-tied-to-the-smartcard" situation there.
I do not see any reason to decrypt traffic on a smartcard; if an attacker can copy your backend key, there is no need to decrypt anything - they already have access to the content on your instance. Also, backend instances' keys are disposable - you can change them seamlessly.
P.S. Note the bandwidth issue when you're decrypting all of the traffic on a smartcard (half-duplex, etc.).