CipherTrust RESTful Data Protection
Product Description
The CipherTrust RESTful Data Protection (CRDP) solution provides RESTful web services to protect sensitive data via a wide range of data protection methods. CRDP is designed from the ground up to fit seamlessly with existing cloud-ready applications. It can be deployed as a Docker container and performs a wide range of cryptographic operations. It is easy to deploy, configure, manage, and migrate. CRDP allows enterprises to centrally configure their data-centric cryptographic policies in a reusable, human-readable way on the key manager, and to deploy data protection that fits within their native cloud deployment.
1.1
Release Description
CRDP is delivered as a standard Docker image and can be deployed in any Kubernetes environment or as a standalone Docker container. This release includes support for new features.
New Features and Enhancements
The following table lists the features introduced in this release and their compatible CipherTrust Manager versions:
| Feature | Description | Compatible CM Version |
|---|---|---|
| Luhn check | Enable the Luhn toggle to set the data format to Luhn. Refer to Creating Protection Policy for details. | 2.19 and higher |
| Metrics Labels in Performance Metrics | Metrics Labels allow you to filter by specific clients and applications. Refer to Performance Metrics for details. | 2.17 and higher |
| FF3-1 Algorithm | Provides support for the FF3-1 algorithm. Refer to Supported protection methods and their specifications for details. | 2.17 and higher |
| Random2 Algorithm | Provides support for the Random2 algorithm. Refer to Supported protection methods and their specifications for details. | 2.20 and higher |
| JWKS URL | CRDP supports JWKS: an administrator can provide the JWKS URL from which the JWKS is fetched and used to validate the JWT. Provide the JWKS URL, Duration, Issuer, and Username location in JWT. Refer to JWKS URL for details. | 2.18 and higher |
| Username location in JWT | Specify the location of the username in the JWT. The Access Policy will be applied based on the username in this location. Refer to JWT Verification for details. | 2.18 and higher |
| Prefix to identify the type of data being protected | Specify a user-friendly name to help users identify the type of data being protected. Refer to Creating Protection Policy for details. | 2.16 and higher |
| Update in container behavior on graceful shutdown | When CRDP receives a graceful shutdown signal: • The CRDP client will immediately stop listening for new requests and will be deleted from the single pane of glass in the CipherTrust Manager. • The CRDP server will shut down and the container will be terminated. Refer to Behavior on Container Shutdown for details. | 2.14 and higher |
Compatibility Information
Supported Platforms
Windows Server 2022 and 2019, 64-bit (validated with Windows Server 2022)
RHEL 9.x, 64-bit (validated with RHEL 9.5)
RHEL 8.x, 64-bit (validated with RHEL 8.7)
Supported Oracle Database
Oracle Database 19c (validated with 19.25.0.0.0)
Oracle Database 19c (validated with 19.27.0.0.0) for AIX only.
Supported CipherTrust Manager
CipherTrust Manager LTS version 2.11.1 and higher.
1.1.1
Release Description
CRDP is delivered as a standard Docker image and, as such, can be deployed in any Kubernetes environment or as a standalone Docker container.
New Features and Enhancements
The following table lists the features introduced in this release and their compatible CipherTrust Manager versions:
| Feature | Description | Compatible CM Version |
|---|---|---|
| Luhn check | Enable the Luhn toggle to set the data format to Luhn. Refer to Creating Protection Policy for details. | 2.19 and higher |
| JWKS URL | CRDP supports JWKS: an administrator can provide the JWKS URL from which the JWKS is fetched and used to validate the JWT. Provide the JWKS URL, Duration, Issuer, and Username location in JWT. Refer to JWKS URL for details. | 2.18 and higher |
Compatibility Information
Supported Platforms
Windows Server 2022 and 2019, 64-bit (validated with Windows Server 2022)
RHEL 8.x, 64-bit (validated with RHEL 8.7)
Supported Oracle Database
Oracle Database 19c (validated with 19.25.0.0.0)
Supported CipherTrust Manager
CipherTrust Manager LTS version 2.11.1 and higher.
1.0
Release Description
CRDP is delivered as a standard Docker image and, as such, can be deployed in any Kubernetes environment or as a standalone Docker container.
New Features and Enhancements
The following table lists the features introduced in this release and their compatible CipherTrust Manager versions:
| Feature | Description | Compatible CM Version |
|---|---|---|
| Username location in JWT | Specify the location of the username in the JWT. The Access Policy will be applied based on the username in this location. Refer to JWT Verification for details. | 2.18 and higher |
| Prefix to identify the type of data being protected | Specify a user-friendly name to help users identify the type of data being protected. Refer to Creating Protection Policy for details. | 2.16 and higher |
| Update in container behavior on graceful shutdown | When CRDP receives a graceful shutdown signal: • The CRDP client will immediately stop listening for new requests and will be deleted from the single pane of glass in the CipherTrust Manager. • The CRDP server will shut down and the container will be terminated. Refer to Behavior on Container Shutdown for details. | 2.14 and higher |
Compatibility Information
Supported Platforms
Windows Server 2022 and 2019, 64-bit (validated with Windows Server 2022)
RHEL 8.x, 64-bit (validated with RHEL 8.7)
Supported Oracle Database
Oracle Database 19c (validated with 19.25.0.0.0)
Oracle Database 19c (validated with 19.27.0.0.0) for AIX only.
Supported CipherTrust Manager
CipherTrust Manager LTS version 2.11.1 and higher.
1.0.2
Release Description
This release includes security updates.
New Features and Enhancements
There are no new features in this release.
Compatibility Information
Supported Platforms
Windows Server 2022 and 2019, 64-bit (validated with Windows Server 2022)
RHEL 8.x, 64-bit (validated with RHEL 8.7)
Supported Oracle Database
Oracle Database 19c (validated with 19.25.0.0.0)
Oracle Database 19c (validated with 19.27.0.0.0) for AIX only.
Supported CipherTrust Manager
CipherTrust Manager LTS version 2.11.1 and higher.
1.0.1
Release Description
CRDP is delivered as a standard Docker image and, as such, can be deployed in any Kubernetes environment or as a standalone Docker container.
New Features and Enhancements
The following table lists the features introduced in this release and their compatible CipherTrust Manager versions:
| Feature | Description | Compatible CM Version |
|---|---|---|
| Luhn check | Enable the Luhn toggle to set the data format to Luhn. Refer to Creating Protection Policy for details. | 2.19 and higher |
| JWKS URL | CRDP supports JWKS: an administrator can provide the JWKS URL from which the JWKS is fetched and used to validate the JWT. Provide the JWKS URL, Duration, Issuer, and Username location in JWT. Refer to JWKS URL for details. | 2.18 and higher |
Compatibility Information
Supported Platforms
Windows Server 2022 and 2019, 64-bit (validated with Windows Server 2022)
RHEL 8.x, 64-bit (validated with RHEL 8.7)
Supported Oracle Database
Oracle Database 19c (validated with 19.25.0.0.0)
Supported CipherTrust Manager
CipherTrust Manager LTS version 2.11.1 and higher.
Issues
The following issues have been identified across multiple releases:
| Issue | Description | Reported Version | Resolved Version |
|---|---|---|---|
| AGT-39189 | CTE failed to unguard after changing to incorrect CIFS credentials. If a user has a CIFS guarded path and tries to access it with invalid credentials, the unguard request fails. If the user then switches to valid credentials, the unguard request still fails because the CTE agent is unable to access the CIFS share to update the credentials. Workaround: To successfully guard/unguard a CIFS path, use valid credentials. | 7.7.0 | 7.8.1 |
| CADP-27204 | Problem: The /v1/protectbulk and /v1/revealbulk APIs are not working as expected. | 1.1.1 | |
| CADP-20338 | Problem: Protect operation fails with no specific error message and returns a 404 HTTP status code if the key access is not provided to application data protection clients. | 1.0.1 | 1.1.1 |
| CADP-21412 | Problem: Vulnerabilities in the CRDP image. | 1.0.1 | 1.1.0 |
| CADP-16533 | Problem: Protect operation performed using FPE/AES fails for Chinese character set 4E00 - 9FFF. | 1.0.0 | |