Administrator’s Guide for VP59/SIP-T58A/CP960 IP Phones
106
You can configure the contact files to be automatically encrypted using 16-character/32 characters symmetric keys
(configured by “static.auto_provision.aes_key.mac”) when uploading to the server (by setting “static.auto_pro-
vision.encryption.directory=1”). The encrypted contact files have the same file names as before. The encrypted con-
tact files can be downloaded from the server and decrypted using 16-character/32 characters symmetric keys
during auto provisioning. If the parameter static.auto_provision.aes_key.mac” is left blank, “static.auto_pro-
vision.aes_key.com” will be used.
If the downloaded contact files are encrypted, the phone will try to decrypt <MAC>-contact.xml file using the plain-
text AES key. After decryption, the phone resolves contact files and updates contact information onto the IP phone
system.
Encryption and Decryption Configuration
The following table lists the parameters you can use to configure the encryption and decryption.
Parameter static.auto_provision.update_file_mode
<y0000000000xx>.cfg
Description It enables or disables the phone only to download the encrypted files.
Permitted
Values
0-Disabled, the phone will download the configuration files (for example, sip.cfg, account.cfg, <MAC>-
local.cfg) and <MAC>-contact.xml file from the server during auto provisioning no matter whether the
files are encrypted or not. And then resolve these files and update settings onto the phone system.
1-Enabled, the phone will only download the encrypted configuration files (for example, sip.cfg,
account.cfg, <MAC>-local.cfg) or <MAC>-contact.xml file from the server during auto provisioning, and
then resolve these files and update settings onto the phone system.
Default
0
Parameter static.auto_provision.aes_key_in_file
<y0000000000xx>.cfg
Description It configures how the phone decrypts files.
Permitted
Values
0-The phone will decrypt the encrypted configuration files using plaintext AES keys configured on the
phone.
1-The phone determines whether the file is an encrypted file generated in RSA mode. If yes, the
phone will decrypt the encrypted configuration file using the phone built-in RSA private key or self-
define RSA private key. If no, the phone will request the <xx>.enc file first and decrypt the file using
RSA private key, when there is no <xx>.enc file, the phone will request the <xx_Security>.enc file.
Then the phone decrypt this file into the plaintext key (e.g., key2) using the phone built-in AES key
(e.g., key1). The IP phone then decrypts the encrypted configuration file using the corresponding key
(e.g., key2).
Default
0
Parameter static.auto_provision.aes_key.com
<y0000000000xx>.cfg
Description
It configures the plaintext AES key for encrypting/decrypting the Common CFG/Custom CFG file.
The valid characters contain: 0 ~ 9, A ~ Z, a ~ z and the following special characters are also sup-
ported: # $ % * + , - . : = ? @ [ ] ^ _ { } ~.
Example:
static.auto_provision.aes_key.com = 0123456789abcdef
Note: For decrypting, it works only if “static.auto_provision.aes_key_in_file” is set to 0. If the down-
loaded MAC-Oriented file is encrypted and the parameter “static.auto_provision.aes_key.mac” is left
blank, the phone will try to encrypt/decrypt the MAC-Oriented file using the AES key configured by the
parameter “static.auto_provision.aes_key.com”.
Permitted
Values
16/32 characters
Содержание One Talk CP960
Страница 1: ......