Configuring Security Features
957
registration information).
Yealink supplies a configuration encryption tool for encrypting configuration files. The
encryption tool encrypts plaintext configuration files (e.g., account.cfg, <y0000000000xx>.cfg,
<MAC>.cfg) (one by one or in batch) using 16-character symmetric keys (the same or different
keys for configuration files) and generates encrypted configuration files with the same file
name as before.
Note
This tool also encrypts the plaintext 16-character symmetric keys using a fixed key, which is the
same as the one built in the IP phone, and generates new files named as <xx_Security>.enc (xx
indicates the name of the configuration file, for example, y000000000028_Security.enc for
y000000000028.cfg file, account_Security.enc for account.cfg). This tool generates another new
file named as Aeskey.txt to store the plaintext 16-character symmetric keys for each
configuration file.
For a Microsoft Windows platform, you can use a Yealink-supplied encryption tool
“Config_Encrypt_Tool.exe” to encrypt the configuration files respectively.
Note
For security reasons, administrator should upload encrypted configuration files,
<xx_Security>.enc files to the root directory of the provisioning server. During auto
provisioning, the IP phone requests to download the boot file first and then download the
referenced configuration files. For more information on boot file, refer to Boot Files on page
136. For example, the IP phone downloads account.cfg file and it is encrypted. The IP phone will
request to downloa
d <account_Security>.enc file (if enabled) and decrypt it into the plaintext
key (e.g., key2) using the built-in key (e.g., key1). Then the IP phone decrypts account.cfg file
using key2. After decryption, the IP phone resolves configuration files and updates
configuration settings onto the IP phone system.
The way the IP phone processes other configuration files is the same to that of the account.cfg
file.
To Next Page
Loading...
Need help?
General
Weight and Dimensions
