Ahh yes, now that I think about it, I’ve seen this sort of implementation before:
1. Government forces you to jump through hoops with some collection of favored — sorry, I meant “authorized” — vendors who can issue you a certificate for $WTF (either paid directly or through your taxes...).
2. You are provided with the private key in some manner. Hopefully not in your email, but that’s often what happens.
3. Whenever you want to validate yourself to the service, the government website then has you upload that private key to use in their own homemade implementation of JavaScript PKI. Sometimes they actually take the key from you and send it to their server to do the work.
... I think we are both in agreement that this is pretty lousy. And if you’re seeing it in Ukraine, it’s a world-wide “security” model. Maybe someone else here on HN can explain the thinking that went into these sorts of implementations...
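For contrast with step 3, an added example (not part of the original comment, and not any real site's code): a challenge-response login in which the private key is generated and used only on the client, and the server stores and uses only the public key. Node.js `crypto` with Ed25519 stands in for the certificate key; the function names and the origin are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical.
const crypto = require('node:crypto');

// Enrollment: the key pair is generated on the user's device. Only the public
// key leaves it (in a real PKI, inside a CSR that the CA turns into a certificate).
function enroll() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    privateKey, // stays on the client, never uploaded or e-mailed
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
  };
}

// Server: issue a fresh random challenge for each login attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Client: sign the challenge locally, bound to the site origin so the
// signature is useless to any other service.
function signChallenge(privateKey, origin, challenge) {
  const msg = Buffer.concat([Buffer.from(origin + '\n'), challenge]);
  return crypto.sign(null, msg, privateKey);
}

// Server: verify with the enrolled public key only.
function verifyLogin(publicKeyPem, origin, challenge, signature) {
  const msg = Buffer.concat([Buffer.from(origin + '\n'), challenge]);
  return crypto.verify(null, msg, crypto.createPublicKey(publicKeyPem), signature);
}

function demo() {
  const origin = 'https://portal.example'; // constructed sample origin
  const user = enroll();
  const challenge = newChallenge();
  const sig = signChallenge(user.privateKey, origin, challenge);
  return {
    valid: verifyLogin(user.publicKeyPem, origin, challenge, sig),
    // An old signature must fail against a new challenge or another origin.
    replayed: verifyLogin(user.publicKeyPem, origin, newChallenge(), sig),
    otherSite: verifyLogin(user.publicKeyPem, 'https://other.example', challenge, sig),
    serverHoldsPrivateKey: user.publicKeyPem.includes('PRIVATE KEY'),
  };
}
```

Everything the server receives here (public key, challenge, signature) can be logged or leaked without letting anyone impersonate the user, which is not true once the key itself is uploaded.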