Security Features
116
[1]
X is the account ID. For T57W/T54W/T48U/T48S/T48G/T46U/T46S/T46G/T29G, X=1-16; for
T53W/T53/T43U/T42G/T42U/T42S, X=1-12; for T41P/T41S/T27G, X=1-6; for T33P/T33G, X=1-4; for
T40P/T40G/T23P/T23G, X=1-3; for T31P/T31G/T31/T21(P) E2, X=1-2; for T30P/T30/T19(P) E2/CP920, X=1.
Encrypting and Decrypting Files
Yealink phones support downloading encrypted files from the server and encrypting files before/when uploading
them to the server.
You can encrypt the following files:
l
Configuration files
: MAC-Oriented CFG file (<MAC>.cfg), Common CFG file (y0000000000xx.cfg), MAC-local
CFG file (<MAC>-local.cfg) or other custom CFG files (for example, sip.cfg, account.cfg)
l
Contact Files
: <MAC>-contact.xml
To encrypt/decrypt files, you may have to configure an AES key.
Note
: AES keys must be 16 characters/32 characters. The supported characters contain: 0 ~ 9, A ~ Z, a ~ z and special char-
acters: # $ % * + , - . : = ? @ [ ] ^ _ { } ~.
Topics
Configuration Files Encryption Tools
Configuration Files Encryption and Decryption
Contact Files Encryption and Decryption
Encryption and Decryption Configuration
Configuration Files Encryption Tools
Yealink provides three configuration files encryption tools:
l
Config_Encrypt_Tool.exe (via graphical tool for Windows platform)
l
YealinkEncrypt CMD.exe (via DOS command line for Windows platform)
l
yealinkencrypt (for Linux platform)
The encryption tools support two encryption modes: RSA Mode and Compatibility Mode.
For more information on the encryption tools, refer to
Yealink Configuration Encryption Tool User Guide
.
Configuration Files Encryption and Decryption
Encrypted configuration files can be downloaded from the provisioning server to protect against unauthorized
access and tampering of sensitive information (for example, login passwords, registration information).
You can encrypt the configuration files using encryption tools. You can also configure the <MAC>-local.cfg files to
be automatically encrypted using 16-character/32-character symmetric keys when uploading to the server (by set-
ting “static.auto_provision.encryption.config” to 1).
For security reasons, you should upload encrypted configuration files to the root directory of the provisioning server.
During auto provisioning, the phone requests to download the boot file first and then download the referenced con-
figuration files. For example, the phone downloads an encrypted account.cfg file. The phone will decrypt it into the
plaintext key (for example, key2) using the built-in key (for example, key1). Then the IP phone decrypts account.cfg
file using key2. After decryption, the phone resolves configuration files and updates configuration settings onto the
IP phone system.
Contact Files Encryption and Decryption
Encrypted contact files can be used to protect against unauthorized access and tampering of private information (for
example, contact number). It is helpful for protecting trade secrets.
You can configure the contact files to be automatically encrypted using 16-character/32 characters symmetric keys
(configured by “static.auto_provision.aes_key.mac”) when uploading to the server (by setting “static.auto_pro-
vision.encryption.directory=1”). The encrypted contact files have the same file names as before. The encrypted con-
tact files can be downloaded from the server and decrypted using 16-character/32 characters symmetric keys