Release Notes
Product Description
CipherTrust Application Data Protection for Java is a Java Cryptography Extension (JCE) provider that helps the users to integrate their Java applications with the cryptographic and key management abilities of the Key Manager. CADP for Java provides APIs (Java, REST, and SOAP) to perform cryptographic and key management operations using Key Manager.
Release Description
This release includes bug fix.
Advisory Notes
Before deploying this release, note the following high-level requirements and limitations:
Removal of
safenetcloud.warandsfbyok.warfiles form CADP for Java package: We are migrating CSEG and BYOK REST API support to open-source as integration. To handle these migrations, 8.15.0 release onward, thesafenetcloud.warandsfbyok.warfiles are not bundled with the CADP for Java package. Soon, CSEG and BYOK REST API support will be available as open-source.Jar File Version Change: The jar file version is 8.17.1.000 and the name of the file is CADP_for_JAVA-8.17.1.000.jar. Customers upgrading from previous releases must update the classpath to reflect this new name.
Downloading JCE Policy Files: The CADP for Java Provider does not include the JCE policy files required to use unlimited strength ciphers (e.g., 192- and 256-bit AES keys.) You must download the unlimited strength policy files for Java 8 implementation.
Generate and Install a Client Certificate with an IP Address: A workaround is available to generate and install a client certificate containing a client IP address into a Java key store for JCE client application use.
Key versioning and group key permission are not supported by the Key Manager device with the KMIP protocol.
Resolved and Known Issues
The following table defines the severity of the issues listed in this section.
| Priority | Classification | Definition |
|---|---|---|
| C | Critical | No reasonable workaround exists. |
| H | High | Reasonable workaround exists. |
| M | Medium | Medium level priority problems. |
| L | Low | Lowest level priority problems. |
Resolved Issues
The following issues are fixed in this release.
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-21863 | M | [Remote] Improved performance of crypto operations for Symmetric Algorithms (except AES/GCM). |
Known Issues
The following issues are known to exist in the product at the time of release.
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-20482 | L | CADP for JAVA installer is not supported with IBM JAVA. Workaround - Recommended to use Maven package. |
| CADP-17511 | M | Getting Server closed connection error on exporting a retired key. |
| CADP-17573 | L | [Local Mode] Getting Server closed connection error on exporting a retired key. |
| CADP-16489 | M | Type of custom key attributes can't be modified using CADP for Java WebServices. |
| CADP-18026 | M | ECC key creation request fails with null pointer exception on IBM Java 8. |
| CADP-10355 | H | Bulk crypto operation becomes unresponsive when data size and batch size are greater than 2000. |
| CADP-10241 | H | Bulk operation with AES/CBC/PKCS5Padding returns incorrect ciphertext when batch size exceeds 375. |
| CADP-9834 | H | For bulk operation, if data is null or blank, the whole batch is discarded and the operation is terminated. |
| CADP-13846 | M | [KMIP] Unable to add custom attribute. |
| CADP-13847 | M | [KMIP] Unable to delete key. |
| CADP-13848 | M | [KMIP] Crypto not working for AES/GCM. |
| CADP-13849 | M | [KMIP] Unable to perform wrap and unWrap. |
| CADP-13850 | M | [KMIP] Query operation not working. |
| PAN-1802 | M | In a Multithreaded environment, Given Final Block not properly padded exception is thrown if ECB mode is used for encryption/decryption and Persistent cache is also enabled. |
| PA-4314 | M | KMIP: Authenticated user cannot Locate global keys. |
| 48382 | M | Considerations when using PKCS #5 Padding. Problem: If users attempt a chain of operations that includes two decrypt operations that use PKCS #5 padding, the chain of operations might hang because both decrypt operations wait for the doFinal() method. This scenario poses another potential issue when the user’s input data requires only one block (e.g. 8 bytes for DES and DESede, or 16 bytes for AES), with chances of the NAE server returning incorrect data. |
Compatibility Information
Key Manager
CipherTrust Manager 2.11.1 and higher versions.
Operating Systems
CADP for Java works with most of the operating systems. It is supported on a variety of platforms, including Windows, RHEL, Solaris, HPUX, and AIX PowerPC. Not all operating system versions combinations are explicitly validated.
Supported JRE
Following JRE versions are supported in this release:
Oracle Java version 8, 10, 11, 12, 14, 15, 17, 19, 21 (Validated)
OpenJDK 8, 10, 11, 12, 14, 15, 17, 19, 21 (Validated)
Derivatives of OpenJDK supported versions.
Deliverables
This release includes the following components:
Software: CADP for JAVA (.zip format) available on Support Portal
Product documentation is available on Thalesdocs
CADP for Java samples are available on Github
Package for CADP for Java (Java API) is available on Maven
