The keys are generated inside the card and cannot be read (barring broken card implementations). For more check out http://www.id.ee/public/TB-SPEC-EstEID-Chip-App-v3.4.pdf chapter 11. Card user’s secret keys .

That said it's never gonna be unbreakable, it is though in the general case far safer than the alternatives (scanned bitmaps are actually being used as "digital signatures") not to mention the ease of use.