Overall, it looks good. Just some minor suggestions, mostly for clarification purposes. * SecureChannel.java : clearAppletKeySlotData - would appreciate comments describing the content and format expected in the input "data" - maybe a positive debug message after the successful cleanup (as negative result is non-fatal regardless) * PKCS11Obj.java : getKeyIndexList - please add high level comment to tell what this does - how about go with the convention and assign a String method for debug messages? - I couldn't figure out why the code needs to traverse the cert objects while it has no interest in them; I don't think it hurts though; I'm okay with it if you decide to leave it in. - One question: if TPSBuffer data ends up not having anything add to it, will this reference blow up? data.toHexString() Conditional ACK. thanks, Christina On 12/16/2016 04:28 PM, John Magne wrote: