module OpenKey

After a successful initialization, the application instance is linked to a keystore whose contents are responsible for securing the application instance database.

To ascertain what needs to be done to bridge the gap to full initialization, the app needs to know 3 things from the KeyApi. These things are

The answers dictate the steps that need to be undertaken to bring the database of the application instance under the secure wing of the KeyApi.

1. What is the App Instance ID on this Machine?

The KeyApi uses the “just given” application reference and the machine environment to respond with a digested identifier binding the application instance to the present machine (workstation).

2. Has a Keystore been associated with this ID?

The application's configuration manager is asked to find an associated KeyStore ID mapped against the app/machine id garnered by question 1.

No it has not!

If NO, then a KeyStore ID is acquired either from the init command's parameter or from a suitable default. This new association between the app/machine ID and the KeyStore ID is then stored so the answer next time will be YES.

Yes it has!

Great - we now submit the KeyStore ID to the KeyApi so that it may answer question 3.

3. Does the keystore secure the app instance database?

For the KeyApi to answer, it needs the App's Instance ID and the KeyStore ID.

Not Yet! Now NO means this application instance's database has not been brought under the protection of the KeyApi's multi-layered security net. For this it needs

Yes it does! If the app db keys have been instantiated and the client app is sitting pretty in possession of the database ciphertext, no more needs doing.
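The three questions above, traced as one decision flow in an added Ruby sketch that is not code from OpenKey itself. Every method and constant name is hypothetical, and SHA-256 over hostname and user is an assumed stand-in for however the KeyApi digests the machine environment; plain hashes stand in for the configuration manager and the keystores.

```ruby
require 'digest'

# Hypothetical names throughout; digest algorithm and machine attributes are assumptions.
DEFAULT_KEYSTORE_ID = 'default.keystore' # constructed default value

# Question 1: digest that binds the application reference to this machine.
def app_instance_id(app_ref, machine_env)
  material = [app_ref, machine_env.fetch(:hostname), machine_env.fetch(:user)].join("\x00")
  Digest::SHA256.hexdigest(material)[0, 32]
end

# Question 2: look up the keystore mapped to the instance id, or store a new association.
def keystore_id_for(config, instance_id, init_param = nil)
  return [config[instance_id], :existing] if config.key?(instance_id)

  config[instance_id] = init_param || DEFAULT_KEYSTORE_ID
  [config[instance_id], :newly_associated]
end

# Question 3: does the keystore already hold database keys for this instance?
def secures_database?(keystores, keystore_id, instance_id)
  keystores.fetch(keystore_id, {}).key?(instance_id)
end

# Runs the three questions in order and reports what is left to do.
# Assumption: question 3 is asked even when the association was only just stored.
def init_steps(app_ref, machine_env, config, keystores, init_param = nil)
  id = app_instance_id(app_ref, machine_env)
  ks_id, association = keystore_id_for(config, id, init_param)
  secured = secures_database?(keystores, ks_id, id)
  { instance_id: id,
    keystore_id: ks_id,
    association: association,
    next_step: secured ? :nothing_to_do : :create_db_keys }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: one workstation, empty config, empty keystores.
  env = { hostname: 'ws-01', user: 'alice' }
  demo_config = {}
  demo_keystores = {}
  puts init_steps('demo.app', env, demo_config, demo_keystores, 'team.keystore')
  puts init_steps('demo.app', env, demo_config, demo_keystores)
end
```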