Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CTP Ongoing Operations

Troubleshooting

search

Please Note:

Troubleshooting

During ongoing operation of CipherTrust Teradata Protection (CTP), the following issues may arise if the appropriate steps are not taken to avoid them. Be aware of these considerations and take the recommended steps to ensure smooth operation.

Be sure Teradata users can access /tmp/vormetric

The CipherTrust Teradata UDFs and local CipherTrust Cryptoserver communicate through the named socket /tmp/vormetric. The UDFs run in the Teradata context, so this socket must have access permissions set to 666 to allow access to the Teradata user. If only the root user has permission to access /tmp/vormetric, the UDF cannot communicate with the Cryptoserver and will fail.

Cache key on host when turning off udf_aes

If using the encrypt_fpe() and decrypt_fpe() UDFs with the udf_aes option off, be sure the encryption key is cached on the host. Otherwise, the UDF generates the following error:

error '500 - C_EncryptInit failed'

Set width of BTEQ session to avoid truncated UDF output

If you are using encrypt_cbc() to encrypt long strings, use the following steps to ensure that the output of the encryption UDF is not truncated. If the BTEQ session width is too narrow, characters can be lost from the end of the returned string.

  1. Invoke BTEQ with the following command:

    # bteq -e UTF8 -c UTF16

  2. At the BTEQ prompt, run the following command. Instead of 1000, substitute any value that ensures the width is sufficient.

    # .set width 1000

  3. Run the following command:

    # .set session charset "utf8"

Restart the crypto server to remove cached configuration

When you change the files profiles.conf, mask.conf, or vormetric_local_crypto_server.conf, the updates are not necessarily recognized immediately. Information from an older configuration file could be cached. To ensure that the updated information is available, remove cached configuration using the following steps:

Caution

The server is restarted during this procedure. If any critical operations are underway, wait until they have finished.

  1. After changes are made to either profiles.conf, mask.conf, or vormetric_local_crypto_server.conf, restart the Cryptoserver.

    Note

    Do not start multiple versions of the Cryptoserver at the same time.

Properly escape characters in input strings

If an improperly formatted string is passed as input to BTEQ, such as when calling the UDFs encrypt_fpe or encrypt_cbc, the BTEQ session stops and waits indefinitely. The input string must adhere to BTEQ requirements, such as escaping special characters. For example, if the input string contains an apostrophe, use a double apostrophe: 'It''s a beautiful day'.

FF1 license considerations

After modifying the FF1 license, or after a successful upgrade, you must restart the Cryptographic server.

Warning

Failure to complete this step causes the application to fail.

Change the log level if queries hang

During long-running queries, if the log level is set to INFO or DEBUG, the volume of log data sometimes overwhelms the system, and the process might appear to hang. Changing the log level can resolve this problem. Refer to Log Messages for details.

On this page