| Security Features |
88
• Config_Encrypt_Tool.exe (via graphical tool for Windows platform)
• Config_Encrypt.exe (via DOS command line for Windows platform)
• yealinkencrypt (for Linux platform)
The encryption tools encrypt plaintext configuration files (for example, account.cfg, <y0000000000xx>.cfg,
<MAC>.cfg) (one by one or in batch) using 16-character symmetric keys (the same or different keys for
configuration files) and generate encrypted configuration files with the same file name as before.
These tools also encrypt the plaintext 16-character symmetric keys using a fixed key, which is the
same as the one built in the device, and generate new files named as <xx_Security>.enc (xx is the
name of the configuration file, for example, y000000000058_Security.enc for y000000000058.cfg file,
account_Security.enc for account.cfg). These tools generate another new file named as Aeskey.txt to store
the plaintext 16-character symmetric keys for each configuration file.
Configuration Files Encryption and Decryption
Encrypted configuration files can be downloaded from the provisioning server to protect against
unauthorized access and tampering of sensitive information (for example, login passwords, registration
information).
For security reasons, you should upload encrypted configuration files, <xx_Security>.enc files to the root
directory of the provisioning server. During auto provisioning, the device requests to download the boot file
first and then download the referenced configuration files. For example, the device downloads an encrypted
account.cfg file. The device will request to download <account_Security>.enc file (if enabled) and decrypt
it into the plaintext key (for example, key2) using the built-in key (for example, key1). Then the device
decrypts account.cfg file using key2. After decryption, the device resolves configuration files and updates
configuration settings onto the device system.
Encryption and Decryption Configuration
The following table lists the parameters you can use to configure the encryption and decryption.
Parameter
static.auto_provision.update_file_mode
<y0000000000xx>.cfg
Description
It enables or disables the device only to download the encrypted files.
Permitted Values
0
-Disabled, the device will download the configuration files (for example, sip.cfg,
account.cfg, <MAC>-local.cfg) and <MAC>-contact.xml file from the server during
auto provisioning no matter whether the files are encrypted or not. And then the
device resolves these files and updates the settings onto the device system.
1
-Enabled, the device will only download the encrypted configuration files (for
example, sip.cfg, account.cfg, <MAC>-local.cfg) or <MAC>-contact.xml file from the
server during auto provisioning, and then resolve these files and update settings onto
the device system.
Default
0
Parameter
static.auto_provision.aes_key_in_file
<y0000000000xx>.cfg
Description
It enables or disables the device to decrypt configuration files using the encrypted
AES keys.
Summary of Contents for T58A Teams
Page 1: ......