Administrator’s Guide for SIP-T2 /T3 /T4 /T5 /CP920 IP Phones
117
during auto provisioning. If the parameter static.auto_provision.aes_key.mac” is left blank, “static.auto_pro-
vision.aes_key.com” will be used.
If the downloaded contact files are encrypted, the phone will try to decrypt <MAC>-contact.xml file using the plain-
text AES key. After decryption, the phone resolves contact files and updates contact information onto the IP phone
system.
Encryption and Decryption Configuration
The following table lists the parameters you can use to configure the encryption and decryption.
Parameter
static.auto_provision.update_file_mode
<y0000000000xx>.cfg
Description
It enables or disables the phone only to download the encrypted files.
Permitted
Values
0
-Disabled, the phone will download the configuration files (for example, sip.cfg, account.cfg, <MAC>-
local.cfg) and <MAC>-contact.xml file from the server during auto provisioning no matter whether the
files are encrypted or not. And then resolve these files and update settings onto the phone system.
1
-Enabled, the phone will only download the encrypted configuration files (for example, sip.cfg,
account.cfg, <MAC>-local.cfg) or <MAC>-contact.xml file from the server during auto provisioning, and
then resolve these files and update settings onto the phone system.
Default
0
Parameter
static.auto_provision.aes_key_in_file
<y0000000000xx>.cfg
Description
It configures how the phone decrypts files.
Permitted
Values
0
-The phone will decrypt the encrypted configuration files using plaintext AES keys configured on the
phone.
1
-The phone determines whether the file is an encrypted file generated in RSA mode. If yes, the
phone will decrypt the encrypted configuration file using the phone built-in RSA private key or self-
define RSA private key. If no, the phone will request the <xx>.enc file first and decrypt the file using
RSA private key, when there is no <xx>.enc file, the phone will request the <xx_Security>.enc file.
Then the phone decrypt this file into the plaintext key (e.g., key2) using the phone built-in AES key
(e.g., key1). The IP phone then decrypts the encrypted configuration file using the corresponding key
(e.g., key2).
Default
0
Parameter
static.auto_provision.aes_key.com
<y0000000000xx>.cfg
Description
It configures the plaintext AES key for encrypting/decrypting the Common CFG/Custom CFG file.
The valid characters contain: 0 ~ 9, A ~ Z, a ~ z and the following special characters are also sup-
ported: # $ % * + , - . : = ? @ [ ] ^ _ { } ~.
Example
:
static.auto_provision.aes_key.com = 0123456789abcdef
Note
: For decrypting, it works only if “static.auto_provision.aes_key_in_file” is set to 0. If the down-
loaded MAC-Oriented file is encrypted and the parameter “static.auto_provision.aes_key.mac” is left
blank, the phone will try to encrypt/decrypt the MAC-Oriented file using the AES key configured by the
parameter “static.auto_provision.aes_key.com”.
Permitted
Values
16/32 characters
Default
Blank
Web UI
Settings > Auto Provision > Common AES Key
Phone UI
Color Screen Phones: