Release Notes
Product Description
CAKM for Oracle TDE provides key management and data encryption capabilities, in conjunction with the CipherTrust Manager, to Oracle Transparent Data Encryption (TDE).
Release Description
This release includes support for Oracle 21c with RHEL 8.7.
Supported Product Versions
Supported Platforms
RHEL 7.x, 64-bit (validated with RHEL 7.9)
RHEL 8.x, 64-bit (validated with RHEL 8.7)
Supported Oracle Database
Oracle Database 19c (validated with 19.9.0.0.0)
Oracle Database 21c (validated with 21.3.0.0.0; only for RHEL 8.7)
Supported CipherTrust Manager
- CipherTrust Manager 2.5.2 and higher
• Support for LDAP Users with CipherTrust Manager version 2.8 and above
• Support for V$Encryption Key with CipherTrust Manager version 2.10 and above
• Migration from VKM to CAKM for Oracle TDE is supported from CipherTrust Manager 2.5.2 and higher.
Resolved Issues
This section lists the issues fixed in this release. The following table defines the severity of the issues listed in this section.
| Severity | Classification | Definition |
|---|---|---|
| C | Critical | No reasonable workaround exists. |
| H | High | Reasonable workaround exists. |
| M | Medium | Medium level priority problems. |
| L | Low | Lowest level priority problems. |
Resolved Issue
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-13333 | C | Problem: V$encryption view encounters an error leading to unexpected termination of the Oracle session when the log_level is set to INFO.Workaround: For platforms other than RHEL 7.x, set log_level to any value except INFO. |
Upgrade Paths
CAKM for Oracle TDE can be upgraded from:
SafeNet PKCS#11 library to CAKM for Oracle TDE
From To SafeNet PKCS#11 library CAKM for Oracle TDE 8.10.0 or higher Upgrade is validated from SafeNet PKCS#11 Library 8.3.0 and higher.
VKM to CAKM for Oracle TDE
From To VKM 6.3.0 or higher CAKM for Oracle TDE provider 8.10.0 or higher DSM 6.4.4 or higher CipherTrust Manager 2.5.2 and higher
Limitations
To avail the V$Encryption functionality, it is recommended to create one user only in one domain on the CipherTrust Manager with Key Users privileges. If there are more than one user with key privileges in the same domain, only the first user will be able to view the V$Encryption.
V$encryption is only supported if the CipherTrust Manager is reachable.
V$encryption view will only show recently created/updated 500 keys:
if the number of master keys are greater than 500 per domain on the CipherTrust Manager version 2.12 and above.
if the number of master keys are greater than 500 across the CipherTrust Manager versions 2.10 and 2.11.1.
