Configuration Files Encryption Tools; Configuration Files Encryption And Decryption; Contact Files Encryption And Decryption; Encryption And Decryption Configuration - Yealink SIP-T3 Administrator's Manual

Administrator's Guide for SIP-T2 /T3 /T4 /T5 /CP920 IP Phones

Configuration Files Encryption Tools

Configuration Files Encryption and Decryption

Contact Files Encryption and Decryption

Encryption and Decryption Configuration

Configuration Files Encryption Tools
Yealink provides three configuration files encryption tools:
Config_Encrypt_Tool.exe (via graphical tool for Windows platform)
l
YealinkEncrypt CMD.exe (via DOS command line for Windows platform)
l
yealinkencrypt (for Linux platform)
l
The encryption tools support two encryption modes: RSA Mode and Compatibility Mode.
For more information on the encryption tools, refer to
Configuration Files Encryption and Decryption
Encrypted configuration files can be downloaded from the provisioning server to protect against unauthorized
access and tampering of sensitive information (for example, login passwords, registration information).
You can encrypt the configuration files using encryption tools. You can also configure the <MAC>-local.cfg files to
be automatically encrypted using 16-character/32-character symmetric keys when uploading to the server (by set-
ting "static.auto_provision.encryption.config" to 1).
For security reasons, you should upload encrypted configuration files to the root directory of the provisioning server.
During auto provisioning, the phone requests to download the boot file first and then download the referenced con-
figuration files. For example, the phone downloads an encrypted account.cfg file. The phone will decrypt it into the
plaintext key (for example, key2) using the built-in key (for example, key1). Then the IP phone decrypts account.cfg
file using key2. After decryption, the phone resolves configuration files and updates configuration settings onto the
IP phone system.
Contact Files Encryption and Decryption
Encrypted contact files can be used to protect against unauthorized access and tampering of private information (for
example, contact number). It is helpful for protecting trade secrets.
You can configure the contact files to be automatically encrypted using 16-character/32 characters symmetric keys
(configured by "static.auto_provision.aes_key.mac") when uploading to the server (by setting "static.auto_pro-
vision.encryption.directory=1"). The encrypted contact files have the same file names as before. The encrypted con-
tact files can be downloaded from the server and decrypted using 16-character/32 characters symmetric keys
during auto provisioning. If the parameter static.auto_provision.aes_key.mac" is left blank, "static.auto_pro-
vision.aes_key.com" will be used.
If the downloaded contact files are encrypted, the phone will try to decrypt <MAC>-contact.xml file using the plain-
text AES key. After decryption, the phone resolves contact files and updates contact information onto the IP phone
system.
Encryption and Decryption Configuration
The following table lists the parameters you can use to configure the encryption and decryption.
Parameter static.auto_provision.update_file_mode
Description It enables or disables the phone only to download the encrypted files.
0-Disabled, the phone will download the configuration files (for example, sip.cfg, account.cfg, <MAC>-
local.cfg) and <MAC>-contact.xml file from the server during auto provisioning no matter whether the
files are encrypted or not. And then resolve these files and update settings onto the phone system.
Permitted
Values
1-Enabled, the phone will only download the encrypted configuration files (for example, sip.cfg,
account.cfg, <MAC>-local.cfg) or <MAC>-contact.xml file from the server during auto provisioning, and
then resolve these files and update settings onto the phone system.
127
Yealink Configuration Encryption Tool User Guide.
<y0000000000xx>.cfg