Is the shared database intended for multiple users?
We use NSS to provide FIPS-compliant encryption in a Java desktop application. Each user has a MDB database under their C:\Users\User.Name directory, in which they keep their certificates and public/private key pairs.
But all users also get a few shared keys, which currently have to be copied into each user's database. This is a maintenance burden, and I've been looking at the shared database as a possible way to get around that.
From what I've read, though, the shared database is intended to allow servers to share keys and assumes the servers don't have secrets from each other. Once you enter the database password you have access to any and all keys within.
Is that true, or is there some way to share the database while giving each user a private collection of certs and keys?