Comment Re:Fraud (Score 1) 164
Some alternatives:
1. The Java environment includes the tools to keep the private key in a PKCS12 (encrypted) file that is protected by a password. Choose a strong password for this file's protection. I don't know if the USPS EPM uses this Java feature. DigiStamp does.
2. Keep that password-protected file on a removable medium (floppy, CD) and then store it securely. Use the floppy disk only when signing. This approach does make signing a little more difficult. But signing as a deliberate act that requires you to retrieve and unlock the key is not bad, in my opinion.
3. The most secure solution with current technology is a smartcard. This solution could include the smartcard creating the actual signature within the card after you supply a PIN directly on the card's embedded key pad. At DigiStamp, we have not yet found a smartcard with all of these qualities.
Our signing and timestamping desktop software has some information about smartcard integration here: http://www.digistamp.com/FAQsig.htm#smart
rick at digistamp.com
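
An added example, not part of the comment above and not DigiStamp's or the USPS EPM's code: it shows the password-protected PKCS12 storage from alternative 1 using Python's `cryptography` package rather than the Java tooling the comment mentions. The alias, passwords and message are constructed, and the store holds a bare key with no certificate to keep the example short.

```python
# Added example: alias, passwords and message are constructed for illustration.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.serialization import pkcs12


def create_protected_store(password: bytes):
    """Generate an RSA signing key; return (encrypted PKCS12 bytes, public key)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    blob = pkcs12.serialize_key_and_certificates(
        name=b"signing-key",  # hypothetical alias
        key=key,
        cert=None,            # assumption: key-only store, no certificate
        cas=None,
        encryption_algorithm=serialization.BestAvailableEncryption(password),
    )
    return blob, key.public_key()


def try_sign(blob: bytes, password: bytes, message: bytes):
    """Unlock the store only for this one signature; None if the password is wrong."""
    try:
        key, _cert, _extra = pkcs12.load_key_and_certificates(blob, password)
    except ValueError:        # wrong password or corrupted file
        return None
    return key.sign(message, padding.PKCS1v15(), hashes.SHA256())


def verifies(public_key, signature: bytes, message: bytes) -> bool:
    """Check a signature with the public half, which needs no protection."""
    try:
        public_key.verify(signature, message, padding.PKCS1v15(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


if __name__ == "__main__":
    store, public_key = create_protected_store(b"constructed strong passphrase")
    document = b"constructed document to be signed"
    signature = try_sign(store, b"constructed strong passphrase", document)
    print("signature verifies:", verifies(public_key, signature, document))
    print("wrong password rejected:", try_sign(store, b"guess", document) is None)
```

The bytes returned by `create_protected_store` are what would be written to the removable medium in alternative 2; the strength of the protection is bounded by the strength of the password.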