[analog31]

>>> A leak of the state's private key(s) could be devastating.

Preventing this leak is what's technologically impossible. A leak includes when the government that's keeping the keys decides to start abusing their access to the data.

[edent]

It's really hard to say whether something like that is impossible.

I'm not aware of, for example, Google's private signing keys for Android being leaked. Sure, plenty of CAs have been breached - but not all. That suggests it is possible to key these keys secure.

[analog31]

That's fair. But it turns "possible" into a statement about a company's or government's expected degree of restraint, rather than a mathematical statement about the robustness of an encryption scheme.

The famous case is what happened to government birth records when the Netherlands were overrun by Germany in WWII. They weren't even encrypted, but mere transfer of access led to tragedy.

[wizzwizz4]

Why would someone want to breach Google's private signing keys? It's easy enough to get malware signed just by submitting it through their ordinary processes.

A better analogy would be the keys used by Microsoft to secure Outlook inboxes.

[palata]

> Sure, plenty of CAs have been breached - but not all. That suggests it is possible to key these keys secure.

"Sure, plenty of people lose at the casino - but not all. That suggests it is possible to find a winning strategy."

[GeoAtreides]

> Preventing this leak is what's technologically impossible.

Is it? Put the key in a TPM module in a well guarded server in a well guarded datacenter. Have the prosecution send the encrypted blob to the server and then receive the messages in clear from the server.

That way, there is absolutely no way the private keys can be leaked.