Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Enhanced Encryption Mode

File Systems Compatibility

search
printsuggest an editpdf paneldownload

File Systems Compatibility

This topic highlights the data compatibility, version compatibility, and operational interoperability of CTE-U with other CTE (Linux/Windows/K8s), ProtectFile and CipherTrust Manager products and versions. It provides detailed information on supported data formats, protocols, and integration methods to ensure seamless compatibility and functionality.

copy link to clipboardSupported Encryption formats for CTE UserSpace

CTE-U supports a variety of data formats to ensure interoperability with other CTE and CM products:

Encryption Mode Description
CBC-CS1 Default encryption mode for CTE-U. All new deployments and data transformation will use this format by default. Administrators should use CBC-CS1 key on CipherTrust Manager. CTE-U creates an embedded header for every file encrypted using CBC-CS1.
CBC Legacy mode supported by CTE-U for ProtectFile to CTE-U migration. As ProtectFile only supports CBC, CTE-U uses it to read the ProtectFile encrypted data. CTE-U supports only CBC for block device encryption.

copy link to clipboardData compatibility with CTE products

copy link to clipboardMigrating from CTE Linux

Migration of data from CipherTrust Transparent Encryption to CTE-U is supported for all file systems.

  1. CTE-U reads the encryption information for CTE local files.

  2. CTE-U uses CBC-CS1 encryption mode.

copy link to clipboardLimitations

  • CipherTrust Transparent Encryption cannot read CTE-U data created on local File systems

  • CTE-U 10.3.0 is not data compatible with CTE version 7.6

copy link to clipboardUsing CTE-U with a Live Data Transformation Policy

  1. Install CipherTrust Transparent Encryption 7.6.0.86, or a subsequent version, on a client.

  2. Guard the NFS shared path with an the LDT policy.

  3. Wait for the rekey to complete, then calculate the md5sum of file in GP.

  4. In CipherTrust Manager, in the GuardPoint window, click the ellipsis on the right side of a GuardPoint and select disable to disable the GuardPoint on the client.

  5. Install CTE-U v10.3.0.66, or a subsequent version, on a different client.

  6. Mount the same NFS shared path to the CTE-U client.

  7. Create a clone of the versioned key from the LDT policy. The clone function creates a new key with the same cryptographic encryption material as the current version of the cloned versioned key.

    1. In the CipherTrust Manager Applications Page, open the Keys & Access Management application.

    2. Click the name of the versioned key that you want to clone.

    3. In the Key Details area, click the (...) button at the end of the row showing the current version of the key and select Clone to clone the current version.

    4. Enter a new name for the key in the Key Name field. Do not select the CTE Versioned option for the clone.

    5. Click Clone.

  8. Create a standard policy using the cloned key.

  9. Guard the NFS mounted path using the standard policy created that you just created.

copy link to clipboardCTE Windows

  • Not compatible

copy link to clipboardCTE for Kubernetes

CTE-U and CTE-K8 are 100% data compatible.

CTE-K8s CTE-U CTE
1.0.0 1.0.0 7.2.0
1.1.0 1.1.0 7.2.0
1.2.0 10.0.0 7.3.0
1.3.0 10.1.0 7.4.0
1.4.0 10.2.0 7.5.0
1.5.0 10.3.0 7.6.0

copy link to clipboardProtectFile

  • CTE-U can read files encrypted with ProtectFile.

  • CTE-U converts all ProtectFile headers into a CTE header after dataxform.

  • CTE-U GuardPoint can have CTE and ProtectFile format file exist together.

  • Use the PF MIGRATE utility to migrate CipherTrust Manager policies from ProtectFile to CTE-U.

On this page