Release Notes
Product Description
CAKM for Oracle TDE provides key management and data encryption capabilities, in conjunction with the CipherTrust Manager, to Oracle Transparent Data Encryption (TDE).
Release Description
This release includes new features, enhancements, and bug fixes.
Features and Enhancements
Support for LDAP Users with CipherTrust Manager
Support for installation of CAKM for Oracle TDE connector through LDAP User
Support for V$Encryption Key with CipherTrust Manager
Supported Product Versions
Supported Platforms
Windows Server 2019, 64-bit
RHEL 7.x, RHEL 8.x, 64-bit
Oracle Linux 7.9, 64-bit
AIX 7.2, 64-bit
Solaris 11.4, 64-bit
Supported Oracle Database
- Oracle Database 19c (validated with 19.9.0.0.0)
Supported CipherTrust Manager
- CipherTrust Manager 2.5.2 and higher
• Support for LDAP Users with CipherTrust Manager version 2.8 and above.
• Support for V$Encryption Key with CipherTrust Manager version 2.10 and above.
• Migration from VKM to CAKM for Oracle TDE is supported from CipherTrust Manager 2.5.2 and higher.
Known Issues
This section lists the issues known to exist in the product at the time of release. The following table defines the severity of the issues listed in this section.
| Severity | Classification | Definition |
|---|---|---|
| C | Critical | No reasonable workaround exists. |
| H | High | Reasonable workaround exists. |
| M | Medium | Medium level priority problems. |
| L | Low | Lowest level priority problems. |
Known Issues
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-13333 | C | Problem: V$encryption view encounters an error leading to unexpected termination of the Oracle session when the log_level is set to INFO. Workaround: Set log_level to any other value except INFO. |
Upgrade Paths
CAKM for Oracle TDE can be upgraded from:
SafeNet PKCS#11 library to CAKM for Oracle TDE
From To SafeNet PKCS#11 library CAKM for Oracle TDE 8.10.0 or higher Upgrade is validated from SafeNet PKCS#11 Library 8.3.0 and higher.
VKM to CAKM for Oracle TDE
From To VKM 6.3.0 or higher CAKM for Oracle TDE provider 8.10.0 or higher DSM 6.4.4 or higher CipherTrust Manager 2.5.2 and higher
Limitations
To avail the V$Encryption functionality, it is recommended to create one user only in one domain on the CipherTrust Manager with Key Users privileges. If there are more than one user with key privileges in the same domain, only the first user will be able to view the V$Encryption.
V$encryption is only supported if the CipherTrust Manager is reachable.
V$encryption view will only show recently created/updated 500 keys:
if the number of master keys are greater than 500 per domain on the CipherTrust Manager version 2.12 and above.
if the number of master keys are greater than 500 across the CipherTrust Manager versions 2.10 and 2.11.1.
