Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Release Notes

search

Please Note:

You are not viewing the most recent version of this page. 8.17.0 is the latest version available.

printsuggest an edit

Release Notes

copy link to clipboardProduct Description

copy link to clipboardCADP for C

CADP for C provides C/C++ based APIs for performing cryptographic and key management operations using CipherTrust Manager. It communicates with the CipherTrust Manager over KMIP and NAE interfaces to manage the stored objects.

copy link to clipboardCipherTrust Manager

With the CipherTrust Manager, organizations can leverage a range of different software and hardware-based encryption products, while gaining the efficiency and security benefits of having all keys stored on a centralized, hardened security appliance.

The CipherTrust Manager offers robust capabilities for managing cryptographic keys across their lifecycle, including key generation, key import and export, key rotation, and much more. The CipherTrust Manager can be integrated through open APIs with virtually any off-the-shelf encryption product, including database encryption, laptop and device encryption, file and storage level encryption, and more.

copy link to clipboardRelease Description

This release of CADP for C includes the new features and enhancements listed below.

copy link to clipboardFeatures and Enhancements for CADP CAPI

  • Upgraded OpenSSL

    The OpenSSL version 1.1.1g used by CADP CAPI 8.12.1 is affected with multiple vulnerabilities - CVE-2022-0778, CVE-2023-0286, CVE-2022-4304, CVE-2023-0215, and CVE-2022-4450. Therefore, the OpenSSL version 1.1.1g is upgraded to 1.1.1t to address these vulnerabilities.

  • Added domain support for domain users on the CipherTrust Manager.

  • Samples are moved to GitHub.

  • Added support for versioned key in FPE in the local and persistent mode.

  • Added support for Charset range in FPE in the Local and Persistent mode.

  • Added support to preserve special characters in the FPE/AES, FPE/FF1, FPE/FF1v2, and FPE/FF3 algorithms.

  • Added support to use Charset through FPE/AES command line.

  • Added support for Charset order in CARD62.

  • The old log levels (LOW, MEDIUM, HIGH) are changed to ERROR, WARN (default), and INFO respectively.

  • Published the CADP for C CAPI API Guide to the Thales documentation portal.

copy link to clipboardFeatures for CADP PKCS11

  • Upgraded OpenSSL version 1.0.2zg to address the vulnerability issues.

  • Key creation, deletion, and import.

  • Key wrap and unwrap.

  • Samples are moved to GitHub.

  • Single and multipart encryption and decryption.

  • Sign and verify certificates.

  • Support of custom attributes for newly created keys.

  • Support for Digest and HMAC algorithms.

  • Ability to modify key states.

  • Support for symmetric key caching.

  • Added log levels named NONE, ERROR, WARN, INFO, and DEBUG.

  • Published the CADP for C PKCS11 API Guide to the Thales documentation portal.

copy link to clipboardCompatibility Information

CADP for C Version 8.14.0 is compatible with CipherTrust Manager 2.11.1 and above.

copy link to clipboardResolved and Known Issues

This section lists the issues fixed in this release. Also, the section lists the issues known to exist in the product at the time of release. The following table defines the severity of the issues listed in this section.

SeverityClassificationDefinition
CCriticalNo reasonable workaround exists.
HHighReasonable workaround exists.
MMediumMedium level priority problems.
LLowLowest level priority problems.

copy link to clipboardResolved Issues

copy link to clipboardCADP CAPI

IssueSeveritySynopsis
CADP-7641
CADP-5953
CADP-11464		CSummary: Upgrade the OpenSSL version to 1.1.1t.

copy link to clipboardKnown Issues

copy link to clipboardCADP CAPI

IssueSeveritySynopsis
CADP-4910MProblem: If connetion_idle_timeout is set to 0, the batch connections do not expire after _expiredTimeDiff, which is set to 240sec.
CADP-1041MProblem: Crypto operations can be done with Restricted Key in local mode.
CADP-11245MProblem: RSA Versioned key in persistent mode throwing error for decryption.
CADP-10883MProblem: Key Wrapping and UnWrapping is not working with KMIP interface.

copy link to clipboardCADP PKCS11

IssueSeveritySynopsis
CADP-10609HProblem: Custom Attributes of the migrated key from DSM to CM cannot be retrieved.
CADP-8776HProblem: When the C_FindObjects call is made by providing a specific CKA_CLASS, the same key handle is returned for the Private Key and Public Key.
CADP-8157HProblem: The C_FindObjects API does not return Key Handle of a Pre-Active versioned key.
CADP-7961MProblem: C_DestroyObject does not delete all versions when provided a base key handle.
CADP-7828MProblem: Encryption with header v1.5 and v1.5base64 gives the same output.
CADP-1192MProblem: Setting CKA_SIGN and CKA_VERIFY when importing an AES key does not work.
KY-55894M** Problem**: Custom attributes of a key migrated from DSM to CM are not correctly interpreted by NAE-XML interface.
CADP-12502
CADP-12487
CADP-12479		HProblem: In Legacy VAE mode, keys created on the CipherTrust Manager are by default non-exportable and non-deletable.
CADP-14661CProblem: C_SignInit is not supported in Multithreaded environment.

copy link to clipboardLimitations

copy link to clipboardCADP CAPI

  • Korean algorithm ARIA is not supported in the local encryption mode.

  • ECIES is not supported in batching.

copy link to clipboardCADP PKCS11

  • SHA1 and MD5 algorithms are not supported.

  • Key alias is not supported.

  • Opaque objects are not supported.

  • GCM algorithm is not supported.

  • Wrapping and unwrapping is only supported for the symmetric keys.

  • Import of versioned keys is not supported.

  • RSA DPM header format is not supported.

  • Custom attribute not supported for DSM to CM migrated keys.

copy link to clipboardSupported Platforms

CADP for C is supported on the following platforms.

  • Windows

  • RHEL

On this page