User Guide
Overview
CADP enables you to integrate your C applications with the cryptographic and key management capabilities of the CipherTrust Manager.
CADP enables your C clients to perform cryptographic operations either by requesting those operations to be performed on the CipherTrust Manager (remote mode) or by caching keys on the client and performing crypto locally (local mode).
CADP for C is available with two libraries:
CAPI - The CADP for C CAPI library provides flexible APIs for performing crypto operations.
PKCS#11 - The APIs in the CADP for C PKCS11 library are a subset of the PKCS#11 specification version 2.40 with a focus on session management, key management, and cryptographic functions. The CADP for C PKCS11 library acts as a bridge between an application written in the PKCS#11 protocol and the CipherTrust Manager.
What is a Wrapper?
A wrapper is a program or set of instructions intended to encapsulate other functions within a function or a program. Wrappers are used to ensure compatibility or interoperability between different software structures.
The CADP for C PKCS11 library consists of APIs written in C and is available with two wrappers:
Architecture
The CipherTrust Manager platform consists of the following components:
Client (CADP for C)
CipherTrust Manager
Database Connector (optional; required in some cases)
The following diagram shows a high-level architecture of a typical deployment of the CipherTrust Manager platform. Whenever required, the CipherTrust Manager client (application, Web, and database servers) makes requests using one of the CADP Clients or the XML interface for cryptographic operations to be performed by the CipherTrust Manager.
The CipherTrust Manager performs all the desired cryptographic operations and returns data to the application that made the request. At that point, if the client is an application, it might want to store the data in a database or return the data to a client over the Internet. This unique method of providing cryptographic functionality over the network creates an extremely simple, scalable, and secure solution to backend data encryption, integrity checking, and fingerprinting (hashing). An example configuration is illustrated below.
The CADP for C is installed on all the back-end servers that might be making requests for the cryptographic operations. All applications, servlets, or scripts see a conventional interface and issue simple commands to the CipherTrust Manager to perform cryptographic operations. Instead of bogging down back-end server applications with cryptographic operations, the CipherTrust Manager performs all such operations.
Hardware and Software Requirements
Required Equipment
CipherTrust Manager appliance: This is available in various hardware configurations and comes standard with multiple Ethernet interfaces for connecting to the back-end servers. Options are available for redundant power supplies, redundant fans, and copper and fiber Gigabit Ethernet versions.
Required Software
CADP for C: This is provided in the form of an installer (consisting of library files).
Supported Platforms
CADP for C is supported on the following platforms.
Windows
RHEL
Dependencies for Windows Platform
- Microsoft Visual C++ 2015-2022 Redistributable Package
Dependencies for Linux Platform
gcc version: 4.8.5 or higher
g++ version: 4.8.5 or higher
glib version: 2.17 or higher