[opensc-devel] Do smart card drivers generally support more than one PKCS#11 session?

Stef Walter stefw at collabora.co.uk
Thu Jun 9 13:17:45 PDT 2011

On 06/09/2011 10:11 PM, Alon Bar-Lev wrote:
> Yes.
> Most [usable] providers support this.

Good to hear.

> Although there are different issues to solve in your case, such as
> calling twice to C_Initialize, not calling C_Finalize if C_Initialize
> returned with already initialized.

This is what p11-kit [1] solves. Gnutls now uses p11-kit for its PKCS#11 
access. As you note, there must be a coordinator between multiple users 
of a PKCS#11 module within a single process, even if these consumers do 
not wish to interact in any way. [2]

> I am not sure who OpenSC provider in lock mode [secured] will
> behave...

I'm not familiar with that. Is this an extension to the PKCS#11 spec?



[1] http://p11-glue.freedesktop.org/p11-kit.html

[2] http://p11-glue.freedesktop.org/doc/p11-kit/sharing.html

More information about the p11-glue mailing list