Release Notes
Product Description
CipherTrust Application Data Protection for .NET Core provides APIs for performing cryptographic and key management operations using CipherTrust Manager.
Release Description
This release includes bug fix.
Features and Enhancements
Handled the Microsoft Security Advisory CVE-2024-30105.
Improvised the security for persistent cache.
(Key(s) present in the persistent cache file will be deleted. Persistent cache file will be updated with the same keys fetched from the CipherTrust Manager while performing crypto operations.)
Deprecated Support
The
Hostproperty is no longer required and will be deprecated in future release.The old log levels (LOW, MEDIUM, HIGH) are deprecated.
ProtectApp .NETCore 8.9 and earlier versions are now end of development.
Advisory Notes
It is recommended not to use the
Hostproperty; as this property will be deprecated in future release.Use the new log levels named NONE, ERROR, WARN (default), INFO, and DEBUG. If old log levels are used, they will be automatically set to WARN state.
Permissions
To run the CADP for .NET Core, it is important that users have the necessary read and write permissions for log files.
If users do not have appropriate permissions, the CADP for .NET Core will return an error.
.NET Standard
CADP for .NET Core version 8.14.1 is supported on .NET Standard 2.1.
Multi-threaded Application with Large Number of Threads and Sessions
When spawning a high number of threads with each thread opening a new session, and all threads getting spawned with a delay in milliseconds, the code takes few seconds to process SSL client certificates. On the other hand if the threads can share the session the delay in SSL Client Certificate processing can be avoided.
Resolved Issues
This section lists the issues fixed in this release.
| Issue | Synopsis |
|---|---|
| CADP-21498 | CADP for .NET Core application crashes if the Syslog server IP is configured and the Syslog properties (such as Syslog_Framing_Type, Syslog_Format) are either set to blank or invalid values are specified. |
Known Issues
This section lists the issues known to exist in the product at the time of release.
| Issue | Synopsis |
|---|---|
| CADP-17523 | Problem: FF3-1/Card10 remote mode, the crypto operations don't work outside cardinality data provided in the input. Workaround: Use FF3-1/Card10 in local mode. |
| PAN-3064 | Problem: The HMAC ComputeHash API throws an error when data is more than 4096 bytes in remote mode. Workaround: Use the GenerateMac API. |
| CADP-11503 | Problem: The Special characters '&' and '<' are not supported in the Passphrase property.Workaround: Encrypt the Passphrase using PassphraseUtility and set the Passphrase Encrypted property to yes. |
| CADP-14766 | Problem: Decryption of remote encrypted bytes fails on local mode for AES/GCM versioned keys. |
| CADP-15995 | Problem: Special Character '&', '<' , and '>' are not supported in AAD data in AES/GCM. |
Limitations
For SSL connection, if multiple NAE servers are specified in the properties file, the Common Name/SAN must be same for all the server certificates. The
Hostproperty in the properties file only supports single value.For Persistent Cache to work properly, the total number of key versions on the CipherTrust Manager should be less than 10.
Compatibility Information
Supported Target Frameworks
.NET 6.0
.NET 8.0
Supported Platforms
CADP for .NET Core is tested on the following platforms:
Windows Server 2019 Datacenter
Red Hat Enterprise Linux 8.0 (Ootpa)
macOS 13.3
Ubuntu 20.04
Key Manager
CipherTrust Manager 2.2 and higher versions.
Deliverables
This release includes the following components:
NuGet Package (CipherTrust.CADP.NETCore)
Product documentation is available on Thalesdocs
CADP for .NET Core samples are available on GitHub
We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product.
