AND they were generated via secure hardware? or did he just spin up a new key on an already compromised machine?