I couldn't help but notice that the Indian Income Tax department's website for e-filing tax asks for installation of a Java plugin for a simple upload of a digital certificate file. It was puzzling to me, until I figured out that they were using Java to decrypt the private key client-side (using the user-provided password).
They wanted to do this client-side, to avoid massive load on their servers. Fair enough, but why the Java fetish?
To make things much easier for people who want to do this, there are ready-made JavaScript libraries (like Clipperz and PIDCrypt). In fact, PIDCrypt has a nice demo that shows how fast it can decrypt RSA certificates in the browser.
For these people, I suggest that they read up on the man-in-the-middle type of attack, which can effectively negate all the apparent advantages of a Java plugin-based approach. All it succeeds in doing is worsening the user experience (similar to the pain of signing up for a digital certificate).
At least they did not make the site Internet Explorer-only.