User Guides
CTE-U Quick Start Guide
- Terminology and Components
- Install and Configure CTE-U with CipherTrust Manager
  - Installation Prerequisites
  - Installation and Registration
  - Verifying Package Signatures
  - Setting the SE Linux state
- Guarding with CTE-U and CipherTrust Manager
  - Access the CipherTrust Manager Domain
  - Create an Encryption Key
  - Guarding CTE files with CTE-U
- Exporting GuardPoints over NFS
- Migrating CTE Agents to CTE-U
- Multifactor Authentication for CTE-U
  - Introduction to Multifactor Authentication
  - Using [CTE-U,MFA]
  - Use Cases for MFA on CTE
  - Exempting some users from authentication with a Whitelist
  - Setting up Multifactor Authentication with a One-Time-Password
  - Setting up Multifactor Authentication with an Inactivity Time Out
  - Administrator Tasks for Multifactor Authentication
  - Troubleshooting Multifactor Authentication
CTE-U Health Manager Utility
- Performing Health Check
- Using the Monitor
- Service Commands
- Viewing the Service Status
- Gathering the Technical Dump
- Troubleshooting/ Debugging CTE-U
CTE-U Agent Advanced Configuration Guide for Linux
- CTE-U Overview
- Getting Started
  - Configuring CTE-U with CipherTrust Manager
- Enhanced Encryption Mode
- CTE with systemd
  - CTE Agent Control Changes on systemd
- Utilities
  - CTE-U Linux Authentication and Client Settings
  - Individual GuardPoint Tuning
  - Secfsd Utility
- Upgrading CTE-U on Linux
- Uninstalling CTE-U from Linux
Using FreeBSD with CTE-U
- FreeBSD Jail
- Install CTE-U Dependencies
- FreeBSD Services
- Upgrade CTE-U Packages
- Remove CTE-U Packages
- Unsupported Features for CTE-U with FreeBSD

Guarding CTE files with CTE-U

CTE-U can read and write CTE files encrypted with a CS1 key on a local drive, (XFS or EXT 4). The kernel files contain a CTE header that is already compatible with CTE-U, however, that header is stored as an extended attribute on the file, and not as an embedded header.

Local file systems in CTE with CS1 keys also store header information in an extended attribute. When opening the file, if CTE-U does not find an embedded header, it looks for the existence of a header in the extended attributes.

Note

Thales recommends that you perform a backup in CTE and restore the backup to CTE-U. In CTE to CTE-U migration, in your policy, you must have full write permissions (permit, audit, all_ops, applykey) on the files copied from the CTE backup to the CTE-U GuardPoint.

Using Data Transformation to convert file headers

Data Transformation can convert the header files in the CTE from extended attribute files to embedded header files.

To convert the files, after applying your Data Transformation production policy to your GuardPoint, run the following command:

    dataxform --scan --embed --gp <GP>

This forces the conversion of all file sizes so they display correctly.

See Rekeying with Data Transformation for more information.

Suggest A Change

Guarding CTE files with CTE-U

Using Data Transformation to convert file headers

On this page