Configuring Security Features
957
registration information).
Yealink supplies a configuration encryption tool for encrypting configuration files. The
encryption tool encrypts plaintext configuration files (e.g., account.cfg, <y0000000000xx>.cfg,
<MAC>.cfg) (one by one or in batch) using 16-character symmetric keys (the same or different
keys for configuration files) and generates encrypted configuration files with the same file
name as before.
Note
This tool also encrypts the plaintext 16-character symmetric keys using a fixed key, which is the
same as the one built in the IP phone, and generates new files named as <xx_Security>.enc (xx
indicates the name of the configuration file, for example, y000000000028_Security.enc for
y000000000028.cfg file, account_Security.enc for account.cfg). This tool generates another new
file named as Aeskey.txt to store the plaintext 16-character symmetric keys for each
configuration file.
For a Microsoft Windows platform, you can use a Yealink-supplied encryption tool
“Config_Encrypt_Tool.exe” to encrypt the configuration files respectively.
Note
For security reasons, administrator should upload encrypted configuration files,
<xx_Security>.enc files to the root directory of the provisioning server. During auto
provisioning, the IP phone requests to download the boot file first and then download the
referenced configuration files. For more information on boot file, refer to
. For example, the IP phone downloads account.cfg file and it is encrypted. The IP phone will
request to download <account_Security>.enc file (if enabled) and decrypt it into the plaintext
key (e.g., key2) using the built-in key (e.g., key1). Then the IP phone decrypts account.cfg file
using key2. After decryption, the IP phone resolves configuration files and updates
configuration settings onto the IP phone system.
The way the IP phone processes other configuration files is the same to that of the account.cfg
file.
You can also configure the <MAC>-local.cfg files to be automatically encrypted using 16-
character symmetric keys when uploading to the server (by setting the value of the parameter
“static.auto_provision.encryption.config” to 1).
Yealink also supplies a configuration encryption tool (yealinkencrypt) for Linux platform if
required. For more information, refer to
Summary of Contents for CP860 SERIES
Page 1: ...63 ...
Page 51: ...Getting Started 25 For SIP T46G S Desk Mount Method Wall Mount Method Optional ...
Page 53: ...Getting Started 27 For SIP T42S T41S Desk Mount Method Wall Mount Method Optional ...
Page 55: ...Getting Started 29 For SIP T23P T23G Desk Mount Method Wall Mount Method Optional ...
Page 70: ...Administrator s Guide for SIP T2 Series T19 P E2 T4 Series T5 Series CP860 CP920 IP Phones 44 ...