Release Notes
Product Description
CADP for C
CADP for C provides C/C++ based APIs for performing cryptographic and key management operations using CipherTrust Manager. It communicates with the CipherTrust Manager over KMIP and NAE interfaces to manage the stored objects.
CipherTrust Manager
With the CipherTrust Manager, organizations can leverage a range of different software and hardware-based encryption products, while gaining the efficiency and security benefits of having all keys stored on a centralized, hardened security appliance.
The CipherTrust Manager offers robust capabilities for managing cryptographic keys across their lifecycle, including key generation, key import and export, key rotation, and much more. The CipherTrust Manager can be integrated through open APIs with virtually any off-the-shelf encryption product, including database encryption, laptop and device encryption, file and storage level encryption, and more.
Release Description
This release of CADP for C includes the bug fix.
Compatibility Information
CADP for C Version 8.14.1 is compatible with CipherTrust Manager 2.11.1 LTS and higher.
Resolved and Known Issues
This section lists the issues fixed in this release. Also, the section lists the issues known to exist in the product at the time of release. The following table defines the severity of the issues listed in this section.
| Severity | Classification | Definition |
|---|---|---|
| C | Critical | No reasonable workaround exists. |
| H | High | Reasonable workaround exists. |
| M | Medium | Medium level priority problems. |
| L | Low | Lowest level priority problems. |
Resolved Issues
CADP CAPI
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-7641 CADP-5953 CADP-11464 | C | Summary: Upgrade the OpenSSL version to 1.1.1t. |
CADP PKCS#11
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-14661 | C | Summary: C_SignInit is not supported in Multithreaded environment. |
Known Issues
CADP CAPI
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-4910 | M | Problem: If connetion_idle_timeout is set to 0, the batch connections do not expire after _expiredTimeDiff, which is set to 240sec. |
| CADP-1041 | M | Problem: Crypto operations can be done with Restricted Key in local mode. |
| CADP-11245 | M | Problem: RSA Versioned key in persistent mode throwing error for decryption. |
| CADP-10883 | M | Problem: Key Wrapping and UnWrapping is not working with KMIP interface. |
CADP PKCS#11
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-10609 | H | Problem: Custom Attributes of the migrated key from DSM to CM cannot be retrieved. |
| CADP-8776 | H | Problem: When the C_FindObjects call is made by providing a specific CKA_CLASS, the same key handle is returned for the Private Key and Public Key. |
| CADP-8157 | H | Problem: The C_FindObjects API does not return Key Handle of a Pre-Active versioned key. |
| CADP-7961 | M | Problem: C_DestroyObject does not delete all versions when provided a base key handle. |
| CADP-7828 | M | Problem: Encryption with header v1.5 and v1.5base64 gives the same output. |
| CADP-1192 | M | Problem: Setting CKA_SIGN and CKA_VERIFY when importing an AES key does not work. |
| KY-55894 | M | ** Problem**: Custom attributes of a key migrated from DSM to CM are not correctly interpreted by NAE-XML interface. |
| CADP-12502 CADP-12487 CADP-12479 | H | Problem: In Legacy VAE mode, keys created on the CipherTrust Manager are by default non-exportable and non-deletable. |
Limitations
CADP CAPI
Korean algorithm ARIA is not supported in the local encryption mode.
ECIES is not supported in batching.
CADP PKCS#11
SHA1 and MD5 algorithms are not supported.
Key alias is not supported.
Opaque objects are not supported.
GCM algorithm is not supported.
Wrapping and unwrapping is only supported for the symmetric keys.
Import of versioned keys is not supported.
RSA DPM header format is not supported.
Custom attribute not supported for DSM to CM migrated keys.
Supported Platforms
CADP for C is supported on the following platforms.
- RHEL
