This is my understanding of the rules, and I will freely admit that I
am probably not qualified to give an appropriate discourse on this.
The secret key that is used to encrypt a private key is generated from
the passphrase, which itself is not the secret key. It is a "Key
Generator".
In order f

I have a question about storage of private keys outside of the FIPS
module and about CSPs in general -
In section 4.1, Rules of Operation, rule 10 is given as:
"Secret or private keys that are input or output from an application
must be input or output in encrypted form using a FIPS approved