Problem

How does Gateway protect loaded certificates and private & public keys?

Out of the box, the certificates (stored in Gateway's key.dat file) are encrypted using AES128. You can additionally secure them by setting the "Database protection option" (in Navigator, under <Configuration> > Gateway > Database > Protection) and filling in the appropriate options (see the contextual help for details).