Yubikeys that can do gpg are $40 or so and have lots of other uses.
Iirc, ssh can now do file encryption with FIDO2 keys; these are $10 or so.
Definitely worth buying a pair if you are worried about security (both Trojans, where local encryption at rest can be defeated, and losing your device where it is not)
