Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

LDT Administration

LDT Metadata in Extended Attributes

search

Please Note:

printsuggest an edit

LDT Metadata in Extended Attributes

An extended attribute is a name/value pair permanently associated with a file or directory stored in a file system. CipherTrust Transparent Encryption (CTE) creates and maintains its own user extended attributes on LDT GuardPoint directories and files. The extended attributes are used to store metadata related to each file or directory that is protected using an LDT policy.

On Linux, LDT sets extended attributes on GuardPoint directories. The LDT attribute of an LDT GuardPoint stores the following metadata:

  • Current key version.

  • Rekey status.

  • Rekey start and end times.

  • Estimated completion time.

  • Total amount of data transformed.

  • Total number of files transformed.

  • Current key signature and applied key signature.

On both Linux and Windows, LDT sets extended attributes on files. The LDT attribute of a file stores the following metadata:

  • Name of the current key.

  • Name of the versioned key.

  • Version number of the versioned key.

  • LDT rekey status of the file.

In most cases, the current and new key names are the same. The exception is during initial transformation from a legacy policy to an LDT policy, when the file has been encrypted with the current key and is being transformed to the current version of the transformation key.

Note

Before you set up a GuardPoint for LDT, ensure that there is sufficient disk space available in your file system for LDT metadata. The amount of disk space you need depends on the number of files in your GuardPoint. For more information about the disk space requirement, see Planning for LDT Attribute Storage.

The state of a file changes during LDT operations. The extended attributes are continually updated to reflect the current file status, which falls into one of the following categories:

  • Rekeyed to the current version of the key.

  • Rekeyed to the previous version of the key, or the initial key state (before the first LDT rekey has been performed).

  • Partially rekeyed, where some regions of the file are rekeyed to the new key version and other regions are still keyed to the previous key version or the initial key.

On this page