AFAIK the following is true for key archival: A random key is generated using the same CSP for the CA and this is used to encrypt the archived private key using 3DES. The random key is then encrypted with the KRA public key and archived, but what algoritm is used? Presumably it is RSA or Diffie-Hellman? Thanks

RSA. Moreover, only RSA keys are supported for key archival.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Windows PKI reference: on TechNet wiki

Thanks Vadims.