Release Notes
Product Description
CAKM for Oracle TDE provides key management and data encryption capabilities, in conjunction with the CipherTrust Manager, to Oracle Transparent Data Encryption (TDE).
Release Description
This release includes new features and enhancements.
Features and Enhancements
OpenSSL Upgrade: The OpenSSL version used by CAKM for Oracle TDE is upgraded to 3.0.8.
Supported TLS: Added support of TLSv1.3.
Supported Product Versions
Supported Platforms
Windows Server 2019, 64-bit
RHEL 7.x, 64-bit (validated with RHEL 7.9)
RHEL 8.x, 64-bit (validated with RHEL 8.7)
Oracle Linux 7.x, 64-bit (validated with OEL 7.9)
Oracle Linux 8.x, 64-bit (validated Dataguard and GoldenGate on OEL 8.x)
Supported Oracle Database
Oracle Database 19c (validated with 19.9.0.0.0)
Oracle Database 21c (validated with 21.3.0.0.0; only for RHEL 8.7)
Supported CipherTrust Manager
- CipherTrust Manager 2.5.2 and higher
• Support for LDAP Users with CipherTrust Manager version 2.8 and above
• Support for V$Encryption Key with CipherTrust Manager version 2.10 and above
• Migration from VKM to CAKM for Oracle TDE is supported from CipherTrust Manager 2.5.2 and higher.
Upgrade Paths
CAKM for Oracle TDE can be upgraded from:
SafeNet PKCS#11 library to CAKM for Oracle TDE
From To SafeNet PKCS#11 library CAKM for Oracle TDE 8.10.0 or higher Upgrade is validated from SafeNet PKCS#11 Library 8.3.0 and higher.
VKM to CAKM for Oracle TDE
From To VKM 6.3.0 or higher CAKM for Oracle TDE provider 8.10.0 or higher DSM 6.4.4 or higher CipherTrust Manager 2.5.2 and higher
Limitations
To avail the V$Encryption functionality, it is recommended to create one user only in one domain on the CipherTrust Manager with Key Users privileges. If there are more than one user with key privileges in the same domain, only the first user will be able to view the V$Encryption.
V$encryption is only supported if the CipherTrust Manager is reachable.
V$encryption view will only show recently created/updated 500 keys:
if the number of master keys are greater than 500 per domain on the CipherTrust Manager version 2.12 and above.
if the number of master keys are greater than 500 across the CipherTrust Manager versions 2.10 and 2.11.1.