Release Notes
Product Description
CipherTrust Application Data Protection for Java is a Java Cryptography Extension (JCE) provider that helps the users to integrate their Java applications with the cryptographic and key management abilities of the Key Manager. CADP for Java provides APIs (Java, REST, and SOAP) to perform cryptographic and key management operations using Key Manager.
Release Description
This release includes features and bug fixes.
Features and Enhancements
The following support has been added to Date2 Algorithm in SDK and WebServices (Session Oriented APIS and Stateless APIs):
Java supported Date formats
Support of preservation for month, year, and month-year in the Date
Creation of multiple Date2 specs and cleanup of the corresponding resources
AES/CTR/NoPadding is supported in remote mode for CipherTrust Manager 2.16 and above
Advisory Notes
Before deploying this release, note the following high-level requirements and limitations:
Removal of
safenetcloud.war
andsfbyok.war
files form CADP for Java package: We are migrating CSEG and BYOK REST API support to open-source as integration. To handle these migrations, 8.15.0 release onward, thesafenetcloud.war
andsfbyok.war
files are not bundled with the CADP for Java package. Soon, CSEG and BYOK REST API support will be available as open-source.Jar File Version Change: The jar file version is 8.17.0.000 and the name of the file is CADP_for_JAVA-8.17.0.000.jar. Customers upgrading from previous releases must update the classpath to reflect this new name.
Downloading JCE Policy Files: The CADP for Java Provider does not include the JCE policy files required to use unlimited strength ciphers (e.g., 192- and 256-bit AES keys.) You must download the unlimited strength policy files for Java 8 implementation.
Generate and Install a Client Certificate with an IP Address: A workaround is available to generate and install a client certificate containing a client IP address into a Java key store for JCE client application use.
Key versioning and group key permission are not supported by the Key Manager device with the KMIP protocol.
Resolved and Known Issues
The following table defines the severity of the issues listed in this section.
Priority | Classification | Definition |
---|---|---|
C | Critical | No reasonable workaround exists. |
H | High | Reasonable workaround exists. |
M | Medium | Medium level priority problems. |
L | Low | Lowest level priority problems. |
Resolved Issues
The following issues are fixed in this release.
Issue | Severity | Synopsis |
---|---|---|
CADP-16409 | M | [Remote Mode] EC encryption followed by RSA sign fails when called in same the connection (from CipherTrust Manager 2.15 and higher versions) |
CADP-18005 | L | Performance Issues with CADP for JAVA 8.15 on Linux |
CADP-12400 | M | While retrieving global keys using the getKeys() API, CADP for Java throws Server closed connection exception (from CipherTrust Manager 2.13 and higher versions). |
CADP-18119 | H | For AES/GCM, Key_non_exportable_policy attribute is giving "Null input buffer" error when symmetric cache is enabled but key is not exportable. |
CADP-16502 | M | Support for java Amazon Corretto 17. |
CADP-18147 | M | AES GCM decryption with update fails in remote mode. |
CADP-18149 | M | AES GCM decryption with update fails in local after symmetric cache refresh. |
CADP-14365 | M | Support for AES/CTR/NoPadding in remote mode. |
CADP-17426 | M | Getting CacheLoader error when same key name (different key bytes) is used for root and domain users. |
CADP-17786 | M | Getting error while tokenizing/detokenizing data with same keys for root and domain users. |
CADP-20565 | M | Vulnerability in bcprov-jdk15to18-1.77.jar. |
Known Issues
The following issues are known to exist in the product at the time of release.
Issue | Severity | Synopsis |
---|---|---|
CADP-20482 | L | CADP for JAVA installer is not supported with IBM JAVA. Workaround - Recommended to use Maven package. |
CADP-17511 | M | Getting Server closed connection error on exporting a retired key. |
CADP-17573 | L | [Local Mode] Getting Server closed connection error on exporting a retired key. |
CADP-16489 | M | Type of custom key attributes can't be modified using CADP for Java WebServices. |
CADP-18026 | M | ECC key creation request fails with null pointer exception on IBM Java 8. |
CADP-10355 | H | Bulk crypto operation becomes unresponsive when data size and batch size are greater than 2000. |
CADP-10241 | H | Bulk operation with AES/CBC/PKCS5Padding returns incorrect ciphertext when batch size exceeds 375. |
CADP-9834 | H | For bulk operation, if data is null or blank, the whole batch is discarded and the operation is terminated. |
CADP-13846 | M | [KMIP] Unable to add custom attribute. |
CADP-13847 | M | [KMIP] Unable to delete key. |
CADP-13848 | M | [KMIP] Crypto not working for AES/GCM. |
CADP-13849 | M | [KMIP] Unable to perform wrap and unWrap. |
CADP-13850 | M | [KMIP] Query operation not working. |
PAN-1802 | M | In a Multithreaded environment, Given Final Block not properly padded exception is thrown if ECB mode is used for encryption/decryption and Persistent cache is also enabled. |
PA-4314 | M | KMIP: Authenticated user cannot Locate global keys. |
48382 | M | Considerations when using PKCS #5 Padding. Problem: If users attempt a chain of operations that includes two decrypt operations that use PKCS #5 padding, the chain of operations might hang because both decrypt operations wait for the doFinal() method. This scenario poses another potential issue when the user’s input data requires only one block (e.g. 8 bytes for DES and DESede, or 16 bytes for AES), with chances of the NAE server returning incorrect data. |
Compatibility Information
Key Manager
CipherTrust Manager 2.11.1 and higher versions.
Operating Systems
CADP for Java works with most of the operating systems. It is supported on a variety of platforms, including Windows, RHEL, Solaris, HPUX, and AIX PowerPC. Not all operating system versions combinations are explicitly validated.
Supported JRE
Following JRE versions are supported in this release:
Oracle Java version 8, 10, 11, 12, 14, 15, 17, 19, 21 (Validated)
OpenJDK 8, 10, 11, 12, 14, 15, 17, 19, 21 (Validated)
Derivatives of OpenJDK supported versions.
Deliverables
This release includes the following components:
Software: CADP for JAVA (.zip format) available on Support Portal
Product documentation is available on Thalesdocs
CADP for Java samples are available on Github
Package for CADP for Java (Java API) is available on Maven