Release Notes
Product Description
CADP for C
CADP for C provides C/C++ based APIs for performing cryptographic and key management operations using CipherTrust Manager. It communicates with the CipherTrust Manager over NAE interfaces to manage the stored objects. It can also operate over KMIP.
CipherTrust Manager
With CipherTrust Manager, organizations can leverage a range of disparate software and hardware-based encryption products, while gaining the efficiency and security benefits of having all keys stored on a centralized, hardened security appliance.
The CipherTrust Manager offers robust capabilities for managing cryptographic keys across their lifecycle, including key generation, key import and export, key rotation, and much more. The CipherTrust Manager can be integrated through open APIs with virtually any off-the-shelf encryption product, including database encryption, laptop and device encryption, file and storage level encryption, and more.
Release Description
This release of CADP for C includes the new features and enhancements listed below.
Features and Enhancements
OpenSSL Upgrade: The OpenSSL version is upgraded to 3.0.15.
req binary is replaced with openssl binary. Refer to Utilities section for Linux and Windows.
CAPI
- FF3-1 algorithm is enabled for encryption/decryption with both versioned and non-versioned keys.
CADP PKCS11
ECC key generation and ECDSA algorithm enabled for sign/verify operaion
RSA Public key Modulus is supported in the remote . Refer to API Guide.
Key search is enabled with CKA_KEY_TYPE and CKA_ID. Refer to API Guide.
FF3-1 algorithm is enabled for encryption/decryption with both versioned and non-versioned keys.
Compatibility Information
CADP for C Version 8.17.0 is compatible with CipherTrust Manager 2.17.0 and above.
Resolved and Known Issues
This section lists the issues fixed in this release. Also, the section lists the issues known to exist in the product at the time of release. The following table defines the severity of the issues listed in this section.
Severity | Classification | Definition |
---|---|---|
C | Critical | No reasonable workaround exists. |
H | High | Reasonable workaround exists. |
M | Medium | Medium level priority problems. |
L | Low | Lowest level priority problems. |
CAPI library
Resolved Issues
Issue | Severity | Synopsis |
---|---|---|
CADP-19377 | M | Problem: CADP client v8.16 log file rotation is not working when using libcadp_capi.so |
Known Issues
Issue | Severity | Synopsis |
---|---|---|
CADP-12271 | H | Problem: Null value being appended to decrypted text with SEED/CBC/NoPadding |
CADP-4910 | M | Problem: If connetion_idle_timeout is set to 0 , the batch connections do not expire after _expiredTimeDiff , which is set to 240sec |
CADP-1041 | M | Problem: Crypto operations can be done with Restricted Key in local mode |
CADP-10883 | M | Problem: Key Wrapping and UnWrapping are not working with the KMIP |
Limitations
Korean algorithm ARIA is not supported in Local encryption mode.
ECIES is not supported in batching.
PCKS#11 library
Resolved Issues
Issue | Severity | Synopsis |
---|---|---|
CADP-19127 | H | Problem: cadp_pkcs11_wrapper.log created under each application directory |
CADP-19243 | H | Problem: failed with error 12 and key memory can be swapped to disk |
CADP-20328 | H | Problem: Request for information - Compatibility challenge related to PKCS#11 and Java 11 |
CADP-20364 | M | Problem: CADP for C client: key memory swapping issue |
Known Issues
Issue | Severity | Synopsis |
---|---|---|
CADP-12638 | H | Problem: Version key Rotation Fails through C_GenerateKey API fails After 19 Rotation |
CADP-1192 | M | Problem: Setting CKA_SIGN and CKA_VERIFY when importing an AES key does not work |
CADP-12441 | M | Problem: Key/Object Handles returned by C_FindObjects are different from values returned by VAE |
CADP-7961 | M | Problem: C_DestroyObject does not delete all versions when provided a base key handle |
CADP-14324 | M | Problem: Key Imported with C_UnwrapKey does not have MUID and KEYID |
CADP-13993 | M | Problem: Different Key Handle For the Asymmetric Keys when searched with UUID |
CADP-14499 | M | Problem: CKA_SERIAL_NUMBER is not reflecting for keys after migration from DSM to CM |
CADP-23874 | M | Problem: CKA_ID is returned in Base64 format after migration |
Limitations
Wrapping and unwrapping are not supported for Asymmetric to Asymmetric keys.
Key Alias is not supported for Asymmetric keys.
Versioned Asymmetric keys are not supported.
DPM Headers are not supported for non-versioned keys and Muti-part operations.
RSA DPM header is supported in
LEGACY_VAE compatibility
mode only.Unwrapping of Opaque object with Symmetric key is not supported.
Wrapping and Unwrapping of Opaque object with Asymmetric key is not supported.
Associating an alias with a specific version of the key is not supported on the CipherTrust Manager. All the aliases get associated with the most active or latest version of the key.
AES-CTR algorithm is supported in Local mode only.
Supported Platforms
CADP for C is supported on the following platforms:
Windows (validated with Windows Server 2022)
RHEL (validated with RHEL 8)