Release Notes
Product Description
CAKM for Microsoft SQL Server EKM provides key management and data encryption capabilities, in conjunction with the CipherTrust Manager, to Microsoft SQL Server Extensible Key Management (EKM). It allows the users to perform Transparent Data Encryption (TDE) as well as cell level encryption within Microsoft SQL Server while holding their keys securely and externally in the CipherTrust Manager.
Release Description
This release includes new features, enhancements, and bug fixes.
Features and Enhancements
OpenSSL Upgrade: The OpenSSL version is upgraded to 3.0.15.
DLL Certificate Validity: The validity of the dll Certificate is extended to two years.
Provided support to configure Encrypted Credential in configuration file (cakm_basic.conf) used in silent installation.
Log File changes:
CAKM Log File
- Updated default file name:
<SQL EKM Installation path>\logs\cakm_logfile.log
- Updated default file name:
SQL EKM Wrapper Log File
Updated default file name:
<SQL EKM Installation path>\logs\cakm_sql_ekm_wrapper.logLog Rotation (Daily, Size)
Log Level (DEBUG, INFO, WARN, ERROR, NONE)
Log Format similar to CAKM Logs
Known Issues
| Reference | Synopsis |
|---|---|
| CADP-21929 | In daily log rotation, the rotated log file is named using the current date timestamp, but it contains the logs from the previous day. |
| CADP-22539 | The log file may grow larger than the configured size limit before rotating. |
| CADP-23542 | When CAKM for Microsoft SQL Server EKM is installed using the GUI, the Log_Level parameter in the properties file isn't set to WARN. |
| CADP-23716 | Incorrect Log Level message by MS_Sql_Ekm_Log parameter. Workaround: The incorrect log message generated as an error or warning is actually a debug message. However, this does not affect the functionality of the Connector. To avoid the incorrect log message, you can disable the logs by leaving the MS_Sql_Ekm_Log parameter blank. |
| CADP-25067 | When a non-existing key is requested from CipherTrust Manager, the CAKM client tries to free unallocated memory. This leads to heap corruption, causing the user to encounter an EXCEPTION_ACCESS_VIOLATION error. |
| CADP-26384 CADP-26346 | MSSQL (2019/2016) Database instance crashes when dropping the symmetric key using the REMOVE PROVIDER KEY option in the DROP query, causing an EXCEPTION_INVALID_CRT_PARAMETER error.Workaround: Drop the key without using REMOVE PROVIDER KEY. This will delete the key from the database and you can manually delete the key from CipherTrust Manager. |
Resolved Issues
| Reference | Synopsis |
|---|---|
| CADP-19144 | Error encountered on running req.exe while installing CAKM for Microsoft SQL Server EKM. |
| CADP-19153 | Key caching not working. |
Supported Product Versions
Microsoft SQL Server
Note
MSSQL server must be updated to the latest patch
MSSQL Server 2022
MSSQL Server 2019
MSSQL Server 2017
MSSQL Server 2016
Supported CipherTrust Manager
- CipherTrust Manager 2.3.0 and higher
Note
Migration from VKM to CAKM for Microsoft SQL Server EKM provider is supported from CipherTrust Manager 2.5.2 and higher.
Supported Platforms
Windows Server 2025, 64-bit
Windows Server 2022, 64-bit
Windows Server 2019, 64-bit
Windows Server 2016, 64-bit
Upgrade Paths
CAKM for Microsoft SQL Server EKM provider can be upgraded from:
Upgrade Path Upgrade Path SafeNet MSSQL EKM Provider CAKM for Microsoft SQL Server EKM provider 8.5.0 or higher Note
Upgrade is validated from Safenet EKM 8.4.0 and higher.
VKM to CAKM for Microsoft SQL Server EKM provider
Upgrade Path Upgrade Path VKM 6.4.0 or higher CAKM for Microsoft SQL Server EKM provider 8.5.0 or higher DSM 6.4.5 or higher CipherTrust Manager 2.5.2 and higher
