Release Notes
Product Description
CADP for C
CADP for C provides C/C++ based APIs for performing cryptographic and key management operations using CipherTrust Manager. It communicates with the CipherTrust Manager over NAE interfaces to manage the stored objects. It can also operate over KMIP.
CipherTrust Manager
With CipherTrust Manager, organizations can leverage a range of disparate software and hardware-based encryption products, while gaining the efficiency and security benefits of having all keys stored on a centralized, hardened security appliance.
The CipherTrust Manager offers robust capabilities for managing cryptographic keys across their lifecycle, including key generation, key import and export, key rotation, and much more. The CipherTrust Manager can be integrated through open APIs with virtually any off-the-shelf encryption product, including database encryption, laptop and device encryption, file and storage level encryption, and more.
Release Description
This release of CADP for C includes the new features and enhancements listed below.
Features and Enhancements
CADP PKCS11
Asymmetric Key Exponent Behavior Changes
Client registration using Registration token. This feature is supported from CipherTrust Manager 2.15.0 release onward.
Client certificate auto renewal. This feature is supported from CipherTrust Manager 2.15.0 release onward.
Compatibility Information
CADP for C Version 8.16.0 is compatible with CipherTrust Manager 2.13.1 and above.
Resolved and Known Issues
This section lists the issues fixed in this release. Also, the section lists the issues known to exist in the product at the time of release. The following table defines the severity of the issues listed in this section.
| Severity | Classification | Definition |
|---|---|---|
| C | Critical | No reasonable workaround exists. |
| H | High | Reasonable workaround exists. |
| M | Medium | Medium level priority problems. |
| L | Low | Lowest level priority problems. |
CAPI library
Known Issues
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-12271 | H | Problem: Null value being appended to decrypted text with SEED/CBC/NoPadding |
| CADP-4910 | M | Problem: If connetion_idle_timeout is set to 0, the batch connections do not expire after _expiredTimeDiff, which is set to 240sec |
| CADP-1041 | M | Problem: Crypto operations can be done with Restricted Key in local mode |
| CADP-10883 | M | Problem: Key Wrapping and UnWrapping are not working with the KMIP |
| CADP-14399 | M | Problem: FPE/AES/CARD10 is not supported in remote mode with versioned key |
Limitations
Korean algorithm ARIA is not supported in Local encryption mode.
ECIES is not supported in batching.
PCKS#11 library
Resolved Issues
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-17282 | M | Problem: AES-GCM decryption fails on consecutive decryption |
| CADP-17283 | M | Problem: AES-GCM decryption fails for key with the same key name in different domain |
Known Issues
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-12638 | H | Problem: Version key Rotation Fails through C_GenerateKey API fails After 19 Rotation |
| CADP-1192 | M | Problem: Setting CKA_SIGN and CKA_VERIFY when importing an AES key does not work |
| CADP-12441 | M | Problem: Key/Object Handles returned by C_FindObjects are different from values returned by VAE |
| CADP-7961 | M | Problem: C_DestroyObject does not delete all versions when provided a base key handle |
| CADP-14004 | M | Problem: VAE .Net Wrapper TestAttributeSample.cs - Get Attribute is not fetching latest attributes value for modified attributes |
| CADP-14324 | M | Problem: Key Imported with C_UnwrapKey does not have MUID and KEYID |
| CADP-13993 | M | Problem: Different Key Handle For the Asymmetric Keys when searched with UUID |
Limitations
Wrapping and unwrapping are not supported for Asymmetric to Asymmetric keys.
Key Alias is not supported for Asymmetric keys.
Versioned Asymmetric keys are not supported.
DPM Headers are not supported for non-versioned keys and Multi-part operations.
RSA DPM header is supported in
LEGACY_VAE compatibilitymode only.Unwrapping of Opaque object with Symmetric key is not supported.
Wrapping and Unwrapping of Opaque object with Asymmetric key is not supported.
Associating an alias with a specific version of the key is not supported on the CipherTrust Manager. All the aliases get associated with the most active or latest version of the key.
Supported Platforms
CADP for C is supported on the following platforms:
Windows
RHEL
