Your suggested change has been received. Thank you.


Suggest A Change….


Release Notes


Please Note:

Release Notes

Product Description

CipherTrust Vaulted Tokenization (CT-V) supplements Thales encryption solutions by facilitating smooth application performance and transparent end-user operation while keeping encrypted information secure in one central location. For countries with data privacy laws that require sensitive data remain in country, tokenization offers the flexibility to offshore storage without compromising compliance. CT-V also helps simplify audit compliance by reducing the number of auditable systems.

Release Description

CT-V 8.12.3 includes new features and enhancements.

New Features and Enhancements

  • Changed acronym of CipherTrust Vaulted Tokenization from CVT to CT-V.

  • Added support to configure the size of custom data column of a token vault during vault creation and vault upgradation for MySQL database.

  • Upgraded ProtectApp JCE to CADP JCE 8.12.2.

  • Added support for Java 17.

  • Added support for the following databases:

    • Oracle 21c

    • SQL Server 2019

Notes for MySQL Database

  • If a token vault contains multiple entries of the same plaintext with different custom data, CT-V 8.12.3 cannot be used with these token vaults.

  • Upgrade the existing token vaults to make them compatible with CT-V 8.12.3.

  • Non-idempotent token vaults are not supported for MySQL database.

Supported Databases

CT-V 8.12.3 is the next standard release over the previous release. This version is explicitly validated on the following platforms:

Oracle 11gSQL Server 2008SQL Server 2019
Oracle 12cSQL Server 2012MySQL 5.6
Oracle 18cSQL Server 2014MySQL 5.7
Oracle 19cSQL Server 2016MySQL 8.0
Oracle 21cSQL Server 2017Informix 12.10


  • Java developers can use CT-V as a Web service with Apache Tomcat (versions 6 to 9) and Apache Axis2 1.7.8. Axis2, version 1.7.8 is required when using Tomcat.

  • .NET developers can install CT-V using Microsoft IIS. Refer to CipherTrust Vaulted Tokenization User Guide for details.

Advisory Notes

  • Enable SSL communications between CT-V and Microsoft SQL Server

    To enable SSL communications between CT-V and Microsoft SQL Server, edit the and set the DatabaseType=SQLServerSSL. If using the Web service, restart Tomcat so that the CT-V jar file will be reloaded with the new property value. The JDBC driver will use SQL Server's self-signed certificate.

  • Multi-threading

    By default, CT-V automatically splits insert, get, and getToken batches larger than 2000 into multiple threads and executes them in parallel. In these scenarios, adding multithreading to your application may not be necessary.

    When using CT-V in a multithreaded application, it is recommended to use use no more than 10 threads per single CPU machine.

  • Oracle Batch Jobs

    It is recommended to execute the analyze table command after running the first batch job on a token vault in an Oracle database.

    For example:

    analyze table <your_token_vault_table> compute statistics;

    If this command is not used, performance will degrade after running batches between 5000 and 10000 rows. When using the CT-V Web service, this performance degradation will cause a Read Timeout Exception.

Issues Severity and Classification

The following table serves as a key to the severity and classification of the issues listed in the Known Issues table:

CCriticalNo reasonable workaround exists.
HHighReasonable workaround exists.
MMediumMedium-level priority problems.
LLowLow-level priority problems.

Known Issues

MCADP-6120The Verify_SSL_Certificate parameter does not work with Java 17.
MTM-8496CT-V does not throw an exception when the insert API is used with sequential vault with formats other than SEQUENTIAL_TOKEN in the Oracle database.

Summary: When the insert API is used with sequential vault with formats other than SEQUENTIAL_TOKEN, CT-V does not throw an exception. Ideally, CT-V should throw an error.
LTM-8521Bulk detokenization header message prints tokens instead of detokens.

Summary: While performing bulk detokenization, header message prints number of tokens instead of number of detokens.
LTM-8535Local mode throws exceptions in multithreaded environment.

Summary: When running JCE 8.5 in local mode for multiple threads, following errors are encountered: Cipher not initialized.

javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher.
MTM-7572Windows authentication - DB to DB migration fails with Active Directory user.

Summary: DB-to-DB bulk migration fails on using active directory user for database user.
MTM-7186SQL Server - Token created on passing string of length 2000 in SQL Server.

Summary: SQL Server supports a default token length of 256. If a token is created of length higher than 256, the token is created of default length 256 thus ignoring the given input data length.
MTM-7029getTokenByDate is effective on date but not on time.

Summary: getTokenByDate API is applicable on date but not on time.
LTM-6858.NET installer 32 bit is not working with Windows Server 2012 64-bit.

Summary: On installing CT-V with .NET installer (32-bit) on Windows Server 2012 64-bit, the following message is being displayed:

The operating system is not adequate in running CipherTrust Vaulted Tokenization”.

But same .NET installer (32-bit) is working with Windows Server 2008 64-bit.
MTM-6979getTokenByDate API not working with batch custom data.

Summary: getTokenByDate API is not working with batch custom data.
MTM-6949Unable to select Filegroup/Tablespace on creation from KeySecure Classic GUI.

Summary: In the Vault Index Filegroup fields, entering anything other than the default value, returns the following error:

Error: Incorrect syntax near the keyword 'ON'.
MTM-6945CT-V not replicating tokens to local site on calling get() API.
MTM-6601The getTokensByDate() API retrieves token from the local site even when CT-V is configured for the multi-site feature.

Summary: The getTokensByDate() API retrieves token from the local site even if the multi-site feature is configured on CipherTrust Vaulted Tokenization.
HTM-6577Performance efficiency degrades in version 6.5.0 of SafeNet Tokenization.

Summary: The performance of SafeNet Tokenization goes down after an upgrade to SafeNet Tokenization 6.5. This is a known issue with SafeNet Tokenization and Java 1.6 (Both Sun and IBM versions) on Linux platforms, caused due to a Java defect.

Refer to Java Bug Database for information on Java defect.

Workaround: It is recommended that you upgrade to Java 1.7. Alternatively, you can set securerandom.source to file:/dev/./urandom. For example,
H151139Intermittent Error When Deleting Token Vaults From the Management Console.

Summary: When deleting a token vault, particularly a vault with a large number of rows, the Management Console may seem to hang. This is because the Management Console does not remove the token vault entry until the database confirms that the vault has been deleted. The larger the vault, the more time this takes.

During this time, if a KeySecure administrator attempts to refresh the web browser, or repeatedly clicks the delete button, the Management Console can reach an error state. Likewise, if a KeySecure administrator attempts to access the token vault entry during the delete process, the Management Console may return an inaccurate message, such as “Token vault does not exist”.

Workaround: Do not interrupt the Management Console when deleting a token vault. Do not click the Delete button again, do not attempt to access the token vault entry in the Management Console or refresh the browser. The Management Console will indicate when the vault has been deleted from the database.
CT-V requires c3p0 settings and retry logic code when failover occurs in Oracle RAC environment.

Summary: Calls to get(), insert(), update(), deleteToken(), and deleteValue() will not failover when the database server goes down.

Workaround: To work around this issue:

1. Set the following c3p0 parameters in the file:

  • c3p0.testConnectionOnCheckin=true
  • c3p0.idleConnectionTestPeriod=10
  • c3p0.preferredTestQuery=select * from dual

2. Place the API call in the try block and decrement the loop counter in the catch block to retry for the same input value as shown in Retry Logic Code below:
while (true) {
for (int loop = 0; loop < 10000; loop++)
{ data_toTokenize = data_toTokenize + loop;
try {
token = ts.insert(data_toTokenize,dbTable,format, true);
System.out.println("Token #"+loop+" Original Data "+data_toTokenize+" in newformat: " + token);
catch (Exception e) {
System.out.println("Token #"+loop+" Original Data "+data_toTokenize+" in new format: " + token+" FAILED");
//For retrying for the same input value

Compatibility and Upgrade Information

CT-V 8.12.3 is compatible with:

  • KeySecure Classic: 8.12.3 and higher versions.

  • CipherTrust Manager: 2.2 and higher versions.

Installation and Upgrade Instructions

Refer to CipherTrust Manager User Guide for complete installation and upgrade instructions for the server, and CipherTrust Vaulted Tokenization User Guide for the client and token vault details.

Installation Prerequisites for Client

  • Supported Java versions are 7 (minimum 1.7.0_121), 8 (minimum 1.8.0_111), 10, 11, 17.

  • Installing CT-V in the .NET environment, requires the following:

    • A recent version of .NET Framework is installed. It is recommended to use .NET version 4.0.

    • A token vault is already created.


      • The InstallShield Wizard first deletes the existing version of CipherTrust Vaulted Tokenization, and then installs the latest version.

      • Before installing the latest version of CT-V in the .NET environment, manually uninstall SafeNet Tokenization 8.4.0 or lower versions, otherwise the installation will fail.