Release Notes
Product Description
CipherTrust Batch Data Transformation (BDT) is a command line utility that is used to transform (encrypt/tokenize) data in files and databases. It is a policy-based tool and can efficiently transform bulk data, and can also be used for rekey operations.
Release Description
This release includes new features, enhancements, and bug fixes.
New Features and Enhancements
Unified BDT Package
Support for Case Sensitivity
Support for Initial Encryption of DPG
Transforming Tables Not Owned by Default Schema
Unified BDT Package
BDT can be used as a standalone utility to perform encryption/decryption. A default crypto library has been packaged in this release. To configure this library, new configurations have been added to the bdt.properties file which is present at the installation path under the conf directory.
Refer to BDT Properties File for details.
Support for Case Sensitivity
Added support for case sensitive database objects for all the supported databases of BDT. To configure case sensitivity, add a new parameter caseSensitive to the BDT policy, and set it to true. By default, this parameter is disabled.
Refer to Sample Policy File and BDT Policy File for details.
Support for Initial Encryption of DPG
Added support for initial encryption of DPG. A new parameter policyVersion is introduced in this release. This parameter specifies the protection policy version information of DPG. If policy version > 0, then only the version header in hex will be prepended to the ciphertext.
Refer to Sample Policy File and BDT Policy File for details.
Note
The policyVersion parameter will be available on the CipherTrust Manager 2.9 and higher versions.
Transforming Tables Not Owned by Default Schema
BDT now allows transformation of tables that are not owned by the default schema (for example, dbo for MSSQL) or the user mentioned in JDBC connection attributes.
Two new parameters sourceSchema and destinationSchema have been introduced in BDT policy for this enhancement.
Use parameter
sourceSchemato specify the username or schema of the source table. If not specified, the default would be the default schema or the user mentioned in JDBC connection attributes for source.Refer to BDT Policy File for details.
Use parameter
destinationSchemato specify the username or schema of the destination table. If not specified, the default would be the default schema or the user mentioned in JDBC connection attributes for destination.Refer to BDT Policy File for details.
Compatibility Information
Key Manager
BDT is compatible with CipherTrust Manager version 2.9 and above.
Note
When running BDT with a centralized policy file, CipherTrust Manager version 2.12.2, 2.18, and higher is not supported.
Resolved Issues
| Reference | Description |
|---|---|
| BULK-573 | Bad SQL grammar error occurs when the database table name contains "." or ":".This error occurs due to the following reasons: • No support for case sensitivity of database objects. • No way to define user-specified schema/owner name. Solution: Two new parameters sourceSchema and destinationSchema have been introduced in BDT policy and added support for case sensitivity of database objects.Refer to Sample Policy File, BDT Policy File, and Support for Case Sensitivity for details. |
Known Issues
| Reference | Description |
|---|---|
| CADP-24175 | A deadlock error occurs during an in-place transformation in the Microsoft SQL Server database when the table has a primary key with a varchar datatype. Workaround: Using a primary key of a varchar datatype can slow down comparisons compared to integer datatypes, potentially leading to a deadlock. Therefore, it is recommended to modify the table to have a primary key of integer datatype. After the transformation is over, these changes can be reverted. 1. Identify the primary key constraint name. SELECT nameFROM sys.key_constraintsWHERE type = 'PK'AND parent_object_id = OBJECT_ID('table_name');2. Drop composite primary key constraint from the table. ALTER TABLE table_name DROP CONSTRAINT <constraint_name>;The Alter table <table_name> add <new_primary_column> int primary key identity(1,1)4. Run the transformation. It will run successfully. 5. Delete the new primary key created in step 3. — Identify its constraint name using the query mentioned in step 1. — Drop the constraint using query mentioned in step 2. 6. Alter the table to add the composite primary key constraint back. ALTER TABLE <table_name> ADD CONSTRAINT <constraint_name> PRIMARY KEY (<column_name1>, <column_name2>); |
| CADP-7652 | javax.net.ssl.SSLException occurs while running BDT with java 11.Workaround: Add useSSL=false in the connection string (for example, jdbc:mysql://localhost:3306/security?useSSL=false).Refer to SSLException on connection close for details. |
| BULK-574 | The console displays incorrect number of records transformed. |
| CADP-13218 | Following error message appears continuously on console while performing transformation on empty table in DB2:ERROR [threadPoolTaskExecutor-3] - Exception: null Note: The user needs to abort manually using Ctrl+C option. |
| CADP-16680 | BDT throws the following error while configuring dataProtectionConfig using the password that contains double quotes (") or backslash (\) characters:Failed post request to Data Protection Service. Received response - null Workaround: If the password contains double quotes (") or backslash (\) characters, escape these characters while setting in BDT.For example, if the actual password is xyz"@123\xyz, the password in dataProtectionConfig must be configured as xyz\"@123\\xyz |
