Release Notes
Product Description
CAKM for Oracle TDE provides key management and data encryption capabilities, in conjunction with the CipherTrust Manager, to Oracle Transparent Data Encryption (TDE).
Release Description
This release includes new features and enhancements.
Features and Enhancements
OpenSSL Upgrade: The OpenSSL version used by CAKM for Oracle TDE is upgraded to 3.0.15
Ease of configuration by copying parameters from previous configuration file) during upgrade
Installation parameters can be passed while performing silent installation for both Linux and Windows
Tracking the Opaque Object associated with the AES Key
Enhanced support of keys in v$encryption view to 0.5 million (CM 2.13 onwards)
Added process name in the CAKM Log file
Provided support to configure Encrypted Credential in configuration file (
cakm_for_oracle_tde_basic.conf
) and command line argument used in silent installation for both Linux and Windows
Advisory Notes
- Multiple CipherTrust Manager users with
Key_user
privileges in the same domain can view the v$Encryption by adding them to a group. This group is then added to DATA_OBJECT_SUPPORTED_IDEN object withRead
,Use
, andExport
permission only.
Supported Product Versions
Supported Platforms
Windows Server 2022 and 2019, 64 bit (validated with Windows Server 2022)
RHEL 9.x, 64-bit (validated with RHEL 9.5)
RHEL 8.x, 64-bit (validated with RHEL 8.7)
RHEL 8.x, 64-bit (validated Oracle 19c ExaCC on RHEL 8.10) on DataGuard platform
Oracle Linux 9.x, 64-bit (validated with Oracle Linux 9.4)
Oracle Linux 8.x, 64-bit (validated with Oracle Linux 8.7)
Supported Oracle Database
- Oracle Database 19c (validated with 19.25.0.0.0)
Supported CipherTrust Manager
CipherTrust Manager 2.5.2 and higher
Note
Support for LDAP Users with CipherTrust Manager version 2.8 and above.
Support for v$encryption_keys with CipherTrust Manager version 2.10 and above.
Migration from VKM to CAKM for Oracle TDE is supported from CipherTrust Manager 2.5.2 and higher.
Known Issues
This section lists the issues known to exist in the product at the time of release. The following table defines the severity of the issues listed in this section.
Severity | Classification | Definition |
---|---|---|
C | Critical | No reasonable workaround exists. |
H | High | Reasonable workaround exists. |
M | Medium | Medium level priority problems. |
L | Low | Lowest level priority problems. |
Known Issues
Issue | Severity | Synopsis |
---|---|---|
CADP-24068 | M | Problem: CAKM for Oracle TDE does not attempt to reconnect to CipherTrust Manager when encountering a read timeout error during authentication. Workaround: You can use a persistent cache to minimize the number of requests that CAKM for Oracle TDE sends to CipherTrust Manager. |
Upgrade Paths
CAKM for Oracle TDE can be upgraded from:
SafeNet PKCS#11 library to CAKM for Oracle TDE
From To SafeNet PKCS#11 library CAKM for Oracle TDE 8.10.0 or higher Note
Upgrade is validated from SafeNet PKCS#11 Library 8.3.0 and higher.
VKM to CAKM for Oracle TDE
From To VKM 6.3.0 or higher CAKM for Oracle TDE provider 8.10.0 or higher DSM 6.4.4 or higher CipherTrust Manager 2.5.2 and higher
Limitations
- v$encryption is only supported if the CipherTrust Manager is reachable.