Release Notes
Product Description
CAKM for Oracle TDE provides key management and data encryption capabilities, in conjunction with the CipherTrust Manager, to Oracle Transparent Data Encryption (TDE).
Release Description
This release includes enhancements.
Features and Enhancements
OpenSSL Upgrade: The OpenSSL version used by CAKM for Oracle TDE is upgraded to 3.0.17.
v$encryption_keys now supports up to 0.5 million keys starting with CipherTrust Manager LTS version 2.11.1 and higher. See Verify Master Encryption Key.
Advisory Notes
Multiple CipherTrust Manager users with
Key_userprivileges in the same domain can view the v$Encryption by adding them to a group. This group is then added to DATA_OBJECT_SUPPORTED_IDEN object withRead,Use, andExportpermission only.This version of CAKM for Oracle TDE supports CipherTrust Manager LTS version 2.11.1 and higher. See CipherTrust Manager Release Model.
Supported Product Versions
Supported Platforms
Windows Server 2022 and 2019, 64 bit (validated with Windows Server 2022)
RHEL 9.x, 64-bit (validated with RHEL 9.5)
RHEL 8.x, 64-bit (validated with RHEL 8.7)
RHEL 8.10, 64-bit (validated for Oracle 19c on ExaCC with Data Guard)
Oracle Linux 9.x, 64-bit (validated with Oracle Linux 9.4)
Oracle Linux 8.x, 64-bit (validated with Oracle Linux 8.7)
AIX 7.3, 64-bit
Supported Oracle Database
Oracle Database 19c (validated with 19.25.0.0.0)
Oracle Database 19c (validated with 19.27.0.0.0) for AIX only.
Supported CipherTrust Manager
- CipherTrust Manager LTS version 2.11.1 and higher.
Resolved and Known Issues
This section lists the issues fixed in this release. Also, the section lists the issues known to exist in the product at the time of release. The following table defines the severity of the issues listed in this section.
| Severity | Classification | Definition |
|---|---|---|
| C | Critical | No reasonable workaround exists. |
| H | High | Reasonable workaround exists. |
| M | Medium | Medium level priority problems. |
| L | Low | Lowest level priority problems. |
Resolved Issues
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-26592 | C | Problem: Issue with v$encryption_key query after upgrading from 8.11 to 8.14. |
| CADP-25428 | H | Problem: Issue encountered while executing SET KEYcommand on CAKM for Oracle TDE v8.14.0. |
Known Issues
| Issue | Severity | Synopsis |
|---|---|---|
| CADP-24068 | M | Problem: CAKM for Oracle TDE does not attempt to reconnect to CipherTrust Manager when encountering a read timeout error during authentication. Workaround: You can use a persistent cache to minimize the number of requests that CAKM for Oracle TDE sends to CipherTrust Manager. |
| CADP-26521 | H | Problem: Daily-based log rotation is not working as expected. |
| CADP-26519 | H | Problem: Size-based log rotation is not working as expected. |
Upgrade Paths
CAKM for Oracle TDE can be upgraded from:
SafeNet PKCS#11 library to CAKM for Oracle TDE
From To SafeNet PKCS#11 library CAKM for Oracle TDE 8.10.0 or higher Note
Upgrade is validated from SafeNet PKCS#11 Library 8.3.0 and higher.
VKM to CAKM for Oracle TDE
From To VKM 6.3.0 or higher CAKM for Oracle TDE provider 8.10.0 or higher DSM 6.4.4 or higher CipherTrust Manager 2.5.2 and higher
Limitations
This version of CAKM for Oracle TDE is not compatible with CipherTrust Manager version 2.15.
v$encryption is only supported if the CipherTrust Manager is reachable.
