Encrypted Files on the IP Phone
41-001343-02 REV05 – 07.2014
7-3
Procedure to Encrypt Configuration Files
To encrypt the IP phone configuration files (using a Microsoft Windows OS):
C:\> anacrypt.exe -h
Provides encryption of the configuration files used for the
family of Aastra IP phones.
Copyright (c) 2005-2012, Aastra Technologies, Ltd.
Usage:
anacrypt {infile.cfg|-d <dir>} [-p password] [-m] [-i] [-v] [-h]
Examples
The following examples illustrate the use of the anacrypt.exe file.
Example 1
Generating a security.tuz file with password 1234abcd:
For firmware version 3.3.1 (enhanced security):
C:\>
anacrypt -i -p 1234abcd -v3
1.
Obtain the anacrypt encryption tool (anacrypt.exe) from your Aastra representative.
2.
Open a command line window application (i.e. DOS window).
3.
At the prompt, enter
anacrypt.exe
and press <Return>.
4.
Enter a command utilizing the details provided in the help screen.
Anacrypt Switch
Description
{infile.cfg | -d <dir>}
Specifies that all .cfg files in <dir> should be encrypted.
[-p password]
Specify password used to generate keys.
-m
Generate MAC.tuz files that are phone specific. This switch generates files that are
only usable for phones with firmware version 2.2.0 and above.
-v1
Specifies the version of encryption that the anacrypt tool uses. Use version 1 encryption (i.e. -v1) to generate files that
are readable by all model phones.
-v2
(Default) Specifies the version of encryption that the anacrypt tool uses. Use version 2 encryption (i.e. -v2) to generate
files that are readable by phones with firmware 2.2.0 and above.
-v3
(Enhanced security version) Specifies the version of encryption that the anacrypt tool uses. Use version 3 encryption
(i.e. -v3) to generate files that are readable by phones with firmware 3.3.1 and above.
-i
Generate security.tuz file.
-h
Show the help screen.
Notes:
•
Configuration files that are encrypted using v3 encryption can only be decoded by phones on Release 3.3.1 (and
above).Customers with v3-encrypted configuration files will lose the ability to decode the files (and in turn will lose
all previously configured settings) if they downgrade their phones to any firmware release prior to 3.3.1.
•
An incorrect password produces garbage. For site-specific keyfile security.cfg the plaintext must match the pass-
word.