[Opendnssec-develop] SoftHSMv2 and IPC
Rickard Bellgrim
rickard at opendnssec.org
Tue Oct 30 21:19:18 UTC 2012
> 14 characters is not a problem, thats 10^14 combinations if you just
> sprintf() a number as identification. Hitting the maximum number of
> semaphore is a bigger problem because it might not be changeable on
> some systems and hard for some users to do.
The name is now a string with the path and the UUID of the object. So
currently it is longer than 14 characters.
I only hit a maximum with the System V semaphores, but not with the
POSIX semaphores.
> Why do we have a semaphore per object?
For synchronizing changes between processes. There is a memory layer
and file layer. To minimize the number of semaphore, it would be
better to re-design this part.
> What is an object (is it a key_pair)?
PKCS#11 Objects:
CKO_DATA, CKO_PRIVATE_KEY, CKO_PUBLIC_KEY, CKO_SECRET_KEY, CKO_CERTIFICATE
> How does this work in v1?
All data are read from the SQLite database.
// Rickard
More information about the Opendnssec-develop
mailing list