File Systems Compatibility
This topic highlights the data compatibility, version compatibility, and operational interoperability of CTE-U with other CTE (Linux/Windows/K8s), ProtectFile and CipherTrust Manager products and versions. It provides detailed information on supported data formats, protocols, and integration methods to ensure seamless compatibility and functionality.
Supported Encryption formats for CTE UserSpace
CTE-U supports a variety of data formats to ensure interoperability with other CTE and CM products:
Encryption Mode | Description |
---|---|
CBC-CS1 | Default encryption mode for CTE-U. All new deployments and data transformations use this format by default. Administrators should use a CBC-CS1 key on CipherTrust Manager. CTE-U creates an embedded header for every file encrypted using CBC-CS1. |
CBC | Legacy mode supported by CTE-U for ProtectFile to CTE-U migration. As ProtectFile only supports CBC, CTE-U uses it to read the ProtectFile encrypted data. CTE-U supports only CBC for block device encryption. |
Data compatibility with CTE products
Migrating from CTE Linux
Migration of data from CipherTrust Transparent Encryption to CTE-U is supported for all file systems.
- CTE-U reads the encryption information for CTE local files.
- CTE-U uses CBC-CS1 encryption mode.
Limitations
- CipherTrust Transparent Encryption cannot read CTE-U data created on local file systems.
- CTE-U 10.3.0 is not data compatible with CTE version 7.6.
Using CTE-U with a Live Data Transformation Policy
- Install CipherTrust Transparent Encryption 7.6.0.86, or a subsequent version, on a client.
- Guard the NFS shared path with the LDT policy.
- Wait for the rekey to complete, then calculate the md5sum of a file in the GuardPoint (GP).
- In CipherTrust Manager, in the GuardPoint window, click the ellipsis on the right side of a GuardPoint and select Disable to disable the GuardPoint on the client.
- Install CTE-U v10.3.0.66, or a subsequent version, on a different client.
- Mount the same NFS shared path to the CTE-U client.
- Create a clone of the versioned key from the LDT policy. The clone function creates a new key with the same cryptographic encryption material as the current version of the cloned versioned key.
  - In the CipherTrust Manager Applications Page, open the Keys & Access Management application.
  - Click the name of the versioned key that you want to clone.
  - In the Key Details area, click the (...) button at the end of the row showing the current version of the key and select Clone to clone the current version.
  - Enter a new name for the key in the Key Name field. Do not select the CTE Versioned option for the clone.
  - Click Clone.
- Create a standard policy using the cloned key.
- Guard the NFS mounted path using the standard policy that you just created.
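The md5sum step above, extended to every file in the GuardPoint and re-checked on the CTE-U client after the final step. This is an added example, not part of the product documentation; it assumes the checksum is taken to confirm that files read identically through both agents, and the function names and the paths `/mnt/nfs_gp` and `/root/gp_before.md5` are hypothetical.

```shell
# Added example. Function names and paths are hypothetical.
# Requires GNU find, sort, xargs, md5sum and diff.
# Keep the manifest file OUTSIDE the guarded directory.

# gp_manifest DIR OUT
# Write one md5sum line per regular file under DIR, using paths relative
# to DIR so the manifest is comparable across clients and mount points.
gp_manifest() {
    local dir=$1 out=$2
    # LC_ALL=C keeps the sort order identical on clients with different locales.
    ( cd "$dir" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r md5sum ) > "$out"
}

# gp_verify DIR MANIFEST
# Returns 0 if DIR matches MANIFEST exactly, 1 if any file is changed,
# missing, or new (the differences go to stderr), 2 on an I/O error.
gp_verify() {
    local dir=$1 manifest=$2 current rc=0
    current=$(mktemp) || return 2
    if ! gp_manifest "$dir" "$current"; then
        rm -f "$current"
        return 2
    fi
    diff -u "$manifest" "$current" >&2 || rc=1
    rm -f "$current"
    return "$rc"
}

# Usage:
#   On the CTE client, after the rekey completes and before disabling the GuardPoint:
#     gp_manifest /mnt/nfs_gp /root/gp_before.md5
#   Copy the manifest to the CTE-U client. After guarding the path with the
#   standard policy built on the cloned key:
#     gp_verify /mnt/nfs_gp /root/gp_before.md5 && echo "data matches"
```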
CTE Windows
- Not compatible
CTE for Kubernetes
CTE-U and CTE-K8s are 100% data compatible.
CTE-K8s | CTE-U | CTE |
---|---|---|
1.0.0 | 1.0.0 | 7.2.0 |
1.1.0 | 1.1.0 | 7.2.0 |
1.2.0 | 10.0.0 | 7.3.0 |
1.3.0 | 10.1.0 | 7.4.0 |
1.4.0 | 10.2.0 | 7.5.0 |
1.5.0 | 10.3.0 | 7.6.0 |
ProtectFile
- CTE-U can read files encrypted with ProtectFile.
- CTE-U converts all ProtectFile headers into a CTE header after dataxform.
- A CTE-U GuardPoint can contain files in both CTE and ProtectFile formats.
- Use the PF MIGRATE utility to migrate CipherTrust Manager policies from ProtectFile to CTE-U.