KSP provides enhanced key storage mechanism and supports modern key and signature algorithms (ellyptic curve cryptography). For CAs you should use KSP whenever it is possible. For end entity certificates you can use KSP depending on particular application support. Some technical information: http://...