Security Features
425
Configuration Files Encryption Tools
Yealink provides three configuration files encryption tools:
Config_Encrypt_Tool.exe (via graphical tool for Windows platform)
Config_Encrypt.exe (via DOS command line for Windows platform)
yealinkencrypt (for Linux platform)
The encryption tools encrypt plaintext configuration files (for example, account.cfg,
<y0000000000xx>.cfg, <MAC>.cfg) (one by one or in batch) using 16-character symmetric keys (the
same or different keys for configuration files) and generate encrypted configuration files with the same
file name as before.
These tools also encrypt the plaintext 16-character symmetric keys using a fixed key, which is the same as
the one built in the IP phone, and generate new files named as <xx_Security>.enc (xx is the name of the
configuration file, for example, y000000000028_Security.enc for y000000000028.cfg file,
account_Security.enc for account.cfg). These tools generate another new file named as Aeskey.txt to store
the plaintext 16-character symmetric keys for each configuration file.
Configuration Files Encryption and Decryption
Encrypted configuration files can be downloaded from the provisioning server to protect against
unauthorized access and tampering of sensitive information (for example, login passwords, registration
information).
You can encrypt the configuration files using the encryption tools. You can also configure the
<MAC>-local.cfg files to be automatically encrypted using 16-character symmetric keys when uploading
to the server (by setting “
static.auto_provision.encryption.config
” to 1).
For security reasons, you should upload encrypted configuration files, <xx_Security>.enc files to the root
directory of the provisioning server. During auto provisioning, the IP phone requests to download the
boot file first and then download the referenced configuration files. For example, the IP phone downloads
an encrypted account.cfg file. The IP phone will request to download <account_Security>.enc file (if
enabled) and decrypt it into the plaintext key (for example, key2) using the built-in key (for example,
key1). Then the IP phone decrypts account.cfg file using key2. After decryption, the IP phone resolves
configuration files and updates configuration settings onto the IP phone system.
Contact Files Encryption and Decryption
Encrypted contact files can be used to protect against unauthorized access and tampering of private
information (for example, contact number). It is helpful for protecting trade secrets.
You can configure the contact files to be automatically encrypted using 16-character symmetric keys
(configured by “static.auto_provision.aes_key_16.mac”) when uploading to the server (by setting
“static.auto_provision.encryption.directory=1”). The encrypted contact files have the same file names as
before. The encrypted contact files can be downloaded from the server and decrypted using 16-character
Содержание T48G
Страница 1: ...linekey X pickup_value ...
Страница 8: ...Administrator s Guide for SIP T2 Series T4 Series T5 Series IP Phones iv ...
Страница 72: ...Administrator s Guide for SIP T2 Series T4 Series T5 Series IP Phones 52 ...
Страница 258: ...Administrator s Guide for SIP T2 Series T4 Series T5 Series IP Phones 238 ...
Страница 264: ...Administrator s Guide for SIP T2 Series T4 Series T5 Series IP Phones 244 ...
Страница 378: ...Administrator s Guide for SIP T2 Series T4 Series T5 Series IP Phones 358 ...