I want to write code that is as generic as possible using JSS. For now I will be using the internal tokens formed of the secmod.db, key3.db, cert7.db. I would like the code to be such that moving to another token technology would be as painless as possible. Are there any guidelines to follow in order to accomplish such a goal? What kind of differences might I expect between the internal and external store that I should be aware of?
I also have some more general questions concerning flow, lifetime of objects, password callbacks, etc. I'm sure all of these cannot be addressed in one message, so let me ask the most immediate ones.

Is there a full description of the password callback classes? I'd like to know things such as the protocol for using them. That is, the sequence of calls, actions, and return expression execution involved in using them. Are there more and less secure methods of creating and using these objects? What does it mean to be "logged into" a token?

Another set of questions I have is regarding the creation of keys, certificate requests, etc. If I generate a keypair using the generator object of a token, does that automatically put the keys into the key store? Are only private keys contained in the key3.db? What happens to the public key if it isn't stored in the key3.db?

Is there a place where this stuff is documented other than in the RSA documentation? The Java docs are very helpful, but they don't provide all the details, such as side effects of method invocations.

Thanks,
Steven
