File Operations with CIP
The following tables describe expected behaviors when moving files. The behavior is different between Linux and Windows.
Move Operation
Source | Destination | Result | PQS |
---|---|---|---|
GP1(Key1) | GP1(Key1) | Rename is performed and the file remains encrypted. | Entity information is updated accordingly. |
GP1(Key1) | GP2(Key1) | Rename is performed and the file remains encrypted. | Entity information is updated accordingly. |
GP1(Key1) | GP2(Key2) | Copy & Delete performed. The destination file is decrypted. It will be encrypted with the next DDC scan. | The entity at the source is updated for deletion. A new entity is created for the destination. |
GP1(Key1) - GDPR | GP2(Key1) - PCI | Copy & Delete performed. The destination file is decrypted. It will be encrypted with the next DDC scan. | The entity at the source is updated for deletion. A new entity is created for the destination. |
The following error displays for PQS Events for the copy & delete scenario, but it does not impact functionality:
[VMD] [ERROR] [3452] [DGV6002E] Data governance exception with error [gp E:\\GP\\w98_28sta03key2 not found] in [dgv::vm::pqs::vm_pqs_file_entity_manager::persist_file_access_event] at line [799]
Move Operation
Source | Destination | Result | PQS |
---|---|---|---|
GP1(Key1) | GP1(Key1) | Rename is performed and the file remains encrypted. | Entity information is updated accordingly. |
GP1(Key1) | GP2(Key1) | Copy & Delete is performed. Linux does not support file rename from key to clear_key. The following error displays: mv: setting attribute ‘user.::secfs:xattr:’ for ‘user.::secfs:xattr:’: Invalid argument | No update in DB |
GP1(Key1) | GP2(Key2) | Copy & Delete is performed. Linux does not support file rename from key to clear_key. The following error displays: mv: setting attribute ‘user.::secfs:xattr:’ for ‘user.::secfs:xattr:’: Invalid argument | No update in DB |
GP1(Key1) - GDPR | GP2(Key1) - PCI | Copy & Delete is performed. Linux does not support file rename from key to clear_key. The following error displays: mv: setting attribute ‘user.::secfs:xattr:’ for ‘user.::secfs:xattr:’: Invalid argument | No update in DB |
Edit Operation
If files encrypted with CTE 7.2.0 are modified in the vi editor, they become plaintext on the local storage and on the NFS server. Non-key users can then see the encrypted files in plaintext.
Workaround: Disable the creation of default temporary files (swap files) in the vi editor using the following settings in ~/.vimrc:
set nobackup : Prevents creation of backup files.
set nowritebackup : Prevents creation of backup files while editing files.
set noswapfile : Prevents creation of swap files.
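An added example, not part of the vendor documentation: a shell function that audits a vimrc file for the three workaround settings. It treats an option as still enabled unless the file explicitly disables it, accepts Vim's short option names (bk, wb, swf), and lets a later set line override an earlier one. The function name and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): report which workaround settings a vimrc lacks.
# Prints one line per option that is not disabled; returns 0 only if all three are off.
# Limits: reads only the file given; ignores "inv"/"!" toggles, :source and autocmds.
vimrc_missing() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 2; }
    awk '
    BEGIN {
        # Assume enabled until the file turns it off (a system-wide vimrc may enable it).
        state["backup"] = 1; state["writebackup"] = 1; state["swapfile"] = 1
        alias["bk"] = "backup"; alias["wb"] = "writebackup"; alias["swf"] = "swapfile"
    }
    {
        sub(/^[ \t:]+/, "")                  # leading blanks and the optional ":"
        if ($1 != "set" && $1 != "se") next  # only set lines; comment lines start with a quote
        for (i = 2; i <= NF; i++) {
            tok = $i
            if (tok ~ /^"/) break            # trailing comment
            val = 1
            if (tok ~ /^no/) { val = 0; tok = substr(tok, 3) }
            if (tok in alias) tok = alias[tok]
            if (tok in state) state[tok] = val   # last assignment wins
        }
    }
    END {
        n = split("backup writebackup swapfile", order, " ")
        for (i = 1; i <= n; i++) if (state[order[i]]) { print "no" order[i]; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: swap files are re-enabled after being disabled,
# and writebackup is never mentioned.
sample=$(mktemp)
printf '%s\n' '" constructed sample vimrc' 'set nobk noswapfile' ':se swapfile' > "$sample"
if out=$(vimrc_missing "$sample"); then
    echo "workaround fully applied"
else
    echo "still enabled, add to vimrc:"; echo "$out"
fi
rm -f "$sample"
```

Run it against each account's ~/.vimrc on hosts where GuardPoint files are edited; a non-empty result lists the settings still to be added.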
Truncate Operation
CIP supports the truncate operation during and after remediation of the files.
Note
The truncate operation is allowed on plain or encrypted files.
The file remains in the same state (plain or encrypted) after the truncate operation.
File access should work as per the CTE policy.