To create an internal key pair to use with an internal signing authority system, or an external key pair to use with an external signing authority system, you must apply protection to sensitive APIs, protect data in the runtime store, and protect data in a persistent object.

The RSAE.key is an external key, and ACMI.key is an internal key.