Security Features
199
Example: Encrypting Configuration Files
Configuration Files Encryption Tools
Yealink provides three configuration files encryption tools:
l
Config_Encrypt_Tool.exe (via graphical tool for Windows platform)
l
Config_Encrypt.exe (via DOS command line for Windows platform)
l
yealinkencrypt (for Linux platform)
The encryption tools encrypt plaintext configuration files (for example, account.cfg, <y0000000000xx>.cfg,
<MAC>.cfg) (one by one or in batch) using 16-character symmetric keys (the same or different keys for configuration
files) and generate encrypted configuration files with the same file name as before.
These tools also encrypt the plaintext 16-character symmetric keys using a fixed key, which is the same as the one built
in the IP phone, and generate new files named as <xx_Security>.enc (xx is the name of the configuration file, for
example, y000000000077_Security.enc for y000000000077.cfg file, account_Security.enc for account.cfg). These tools
generate another new file named as Aeskey.txt to store the plaintext 16-character symmetric keys for each con-
figuration file.
Configuration Files Encryption and Decryption
Encrypted configuration files can be downloaded from the provisioning server to protect against unauthorized access
and tampering of sensitive information (for example, login passwords, registration information).
You can encrypt the configuration files using the encryption tools. You can also configure the <MAC>-local.cfg files
to be automatically encrypted using 16-character symmetric keys when uploading to the server (by setting “stat-
ic.auto_provision.encryption.config” to 1).
For security reasons, you should upload encrypted configuration files, <xx_Security>.enc files to the root directory of
the provisioning server. During auto provisioning, the IP phone requests to download the boot file first and then down-
load the referenced configuration files. For example, the IP phone downloads an encrypted account.cfg file. The IP
phone will request to download <account_Security>.enc file (if enabled) and decrypt it into the plaintext key (for
example, key2) using the built-in key (for example, key1). Then the IP phone decrypts account.cfg file using key2. After
decryption, the IP phone resolves configuration files and updates configuration settings onto the IP phone system.
Contact Files Encryption and Decryption
Encrypted contact files can be used to protect against unauthorized access and tampering of private information (for
example, contact number). It is helpful for protecting trade secrets.
You can configure the contact files to be automatically encrypted using 16-character symmetric keys (configured by
“static.auto_provision.aes_key_16.mac”) when uploading to the server (by setting “static.auto_pro-
vision.encryption.directory=1”). The encrypted contact files have the same file names as before. The encrypted contact
files can be downloaded from the server and decrypted using 16-character symmetric keys during auto provisioning. If
the parameter “static.auto_provision.aes_key_16.mac” is left blank, “static.auto_provision.aes_key_16.com” will be used.
If the downloaded contact files are encrypted, the IP phone will try to decrypt <MAC>-contact.xml file using the plain-
text AES key. After decryption, the IP phone resolves contact files and updates contact information onto the IP phone
system.
Encryption and Decryption Configuration
The following table lists the parameters you can use to configure the encryption and decryption.
Parameter
static.auto_provision.update_file_mode
<y0000000000xx>.cfg
Summary of Contents for W53P
Page 1: ......
Page 18: ...Table of Contents 11 Appendix 255 RFC and Internet Draft Support 255 ...
Page 19: ...Administrator s Guide for W60P W53P W41P DECT Phones 12 ...
Page 47: ...40 Administrator s Guide for W60P W53P W41P DECT Phones ...
Page 73: ...66 Administrator s Guide for W60P W53P W41P DECT Phones ...
Page 123: ...116 Administrator s Guide for W60P W53P W41P DECT Phones ...
Page 125: ...118 Administrator s Guide for W60P W53P W41P DECT Phones ...
Page 139: ...132 Administrator s Guide for W60P W53P W41P DECT Phones ...
Page 171: ...164 Administrator s Guide for W60P W53P W41P DECT Phones ...
Page 193: ...186 Administrator s Guide for W60P W53P W41P DECT Phones ...
Page 227: ...220 Administrator s Guide for W60P W53P W41P DECT Phones ...
Page 253: ...246 Administrator s Guide for W60P W53P W41P DECT Phones ...
Page 261: ...254 Administrator s Guide for W60P W53P W41P DECT Phones ...