2.9.2.3 Archived Key Storage
Neither the protocols nor the CA mandates any particular protection mechanism for the private keys archived by a CA. When choosing an algorithm and key sizes for the key protection, it is recommended that an implementer consider the lifetime of the key that is being protected and document its strength to set expectations for the clients of the system. For more information about the key archival and recovery process on the Windows platform, see [MSFT-ARCHIVE].