Forum Discussion
Ed_Summers
Apr 01, 2015Nimbostratus
Were these keys imported as (or converted to) FIPS security format and saved on a HSM in the device? If so are you sure you are successfully exporting the keys? I thought a major point of having keys stored as FIPS was to prevent the key from being exportable (and therefore 'stolen' or otherwise used for nefarious means).
My understanding is that a FIPS key may still have a .exp file in the BigIP filesystem, but the file is not the full key. This discussion with tech support is fuzzy now, but I believe it is a partial file and may be used by the system as a pointer to the location of the key in the HSM. Interested to hear results of support case and other's inputs.