comparison with other stored security state mechanisms [was: Re: Sharing Trust Policy between Crypto Libraries]

Gabor Toth tg at
Mon Jan 14 14:55:46 PST 2013

>>>>> On Mon, 14 Jan 2013 15:21:24 -0500, Simo Sorce <simo at> said:

> On Mon, 2013-01-14 at 20:50 +0100, Gabor Toth wrote:
>> As for the actual implementation of the database, one option is
>> SQLite, which already implements a proper locking scheme for shared
>> access across many applications, to facilitate frequent read/write
>> operations. PKCS#11 would be another option, but not sure how
>> libraries implementing it handle shared access. How does p11-kit
>> handle this?

> You can't use SQLite across different user processes boundaries, so if
> you want to do this 'system wide ', it is off (and anything that relies
> on collaborative locking like fcntl locks).

In order to make it really multi-user, a system-wide daemon process could
handle the database, and applications would communicate with this process.


More information about the p11-glue mailing list