Tom, Not sure how long you been out of the encryption game? Things really changed in encryption around 2016 with roll out the new system. Without going into detail too much, DHS, Border patrol, partner nations, all use the newer system. Inhouse key generation for internal networks was the norm for all but FFK, back in 2019 when I burned out on it.
When ordering the FFK it was all fully automated. As soon as the FFK order was placed, the key would be in the inbox to unwrap and download for the customer. Black key, benign, wrapped by special encrypted wrappers, delivered thru the network to specific IPs to rekey the encryptors is where they are heading.
By the looks of the East Coast Pipeline fiasco shutting down the flow, these companies need to get with the cyber Security Program quick! All this aged, legacy infrastructure needs to be brought into modern times.
Not Really Rock, but I like the Cars.
JD