I'm not really familiar with digital signatures.
Let's start with that, then.
A digital signature is used to "sign" "something" to prove that you are who you claim to be - so far, so good. The ones I know about are based on public/private-key cryptography, e.g. RSA
. The public part of your key is public knowledge, and you keep the private key really close to your heart. For normal scenarios, you'd keep it in a keyfile encrypted with a symmetric cipher, and a Real Good(TM) passphrase.
I'm not going to dive into how signing is done, since "it depends", but the important part is that it requires your private key. Oh, and that signing can potentially be used for stuff like acknowledging a bank transfer, or signing over the rights of your house to somebody else.
With key escrowing, instead of keeping your encrypted keyfile on your harddisk, you trust a third party to keep the private key stored. Now, I do believe company behind NemID to have proper HSM
storage, and I mostly believe their claims that the system is not backdoored. But I do know that they have the capability
to wait for my next NemID login and snoop my passphrase, and would thus be able to get at my private key. This is not
tinfoil-hat, it has been revealed in a government question about the security.
So... I'm not super-worried about a hacker penetrating the system and grabbing all the keys - but it would
be possible to snoop on people (or do more nefarious things) given a court order (we're not quite at the level of .us anti-terroism laws in .dk yet, but getting there). But (if I remember correctly wrt. the company ownership), I guess the patriot act could be involved (that's slightly tinfoil-hat).
That said, I do believe key escrowing is better for the majority
of people, and the solution does add 2-factor authentication by the use of single-use 6-digit codes on a keycard. It's a cheaper and more pragmatic solution than keyfrobs or the like, and while it's one of the best things about the system, it's ironically also one of the things people bitch most about, while completely ignoring the security repercussions of the system. Sheeple, *sigh*.
Judging by your usage, would it be correct to assume that it only protects the scenario where the java plugin has been compromised?
The Java plugin, or any number of other attack vectors, yes.
That is to say, the digital signature stored in escrow is still an exposed factor or does using Linux/using a VM serve as a form of anonymizer/2nd layer encryption against the system?
Well, the main thing to avoid is having the Java plugin in your day-to-day webbrowser. I try to get everybody I know to get rid of it, and use a second browser (or alternate firefox profile, whatever) for the NemID stuff.
The reasons for running it in linux is a bit of paranoia, and a "go fsck yourselves, NemID" attitude. First of all, should
something slip through the browser (however extremely unlikely), there's more malware for Windows than for Linux (that's not to say that there aren't juicy exploits available for Linux, but they're the kind you don't see in widespread use. If you're hit by one, you should probably be worried). Also, there's the fact that the NemID Java applet contains native x86 code - I don't really want "random" native code running on my machine. "We need it for making a fingerprint of your system", yeah right. I don't expect to be the target of a police investigation anytime soon, but I sure as hell don't want anybody to have a wonderful trojan delivery backdoor mechanism on my machine. While it's unlikely that the private keys are going to get hacked out of NemID, wouldn't the machine serving the non-bootstrap .jar be a juicy target? I think so.