> How would one normally go about loading things like server keys if > those have to be encrypted as well?
Ideally, they would be stored in a FIPS-approved security token. Otherwise, I'm not aware of any FIPS-approved algorithm for encrypting keys other than AES wrap (RFC3394). I'd love to hear if there are other/better solutions. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
