Encrypted Files On The Ip Phone; Configuration File Encryption Method - Aastra 9000i Series Administrator's Manual
Ip sip phones
Hide thumbs
Also See for 9000i Series:
- Administrator's manual (876 pages) ,
- Configuration manual (27 pages) ,
- Instruction manual (29 pages)
Table of Contents
Advertisement
Encrypted Files on the IP Phone
An encryption feature for the IP phone allows Service Providers the capability of storing
encrypted files on their server to protect against unauthorized access and tampering of sensitive
information (i.e., user accounts, login passwords, registration information). Service Providers
also have the capability of locking a phone to use a specific server-provided configuration only.
Configuration File Encryption Method
Only a System Administrator can encrypt the configurations files for an IP Phone. System
Administrators use a password distribution scheme to manually pre-configure or automatically
configure the phones to use the encrypted configuration with a unique key.
From a Microsoft Windows command line, the System Administrator uses an Aastra-supplied
encryption tool called "anacrypt.exe" to encrypt the <mac>.tuz file.
This tool processes the plain text <mac>.cfg, <model>.cfg, and aastra.cfg files and creates
triple-DES encrypted versions called <mac>.tuz, <model>.tuz, and aastra.tuz. Encryption is
performed using a secret password that is chosen by the administrator.
The encryption tool is also used to create an additional encrypted tag file called security.tuz,
which controls the decryption process on the IP phones. If security.tuz is present on the TFTP/
FTP/HTTP server, the IP phones download it and use it locally to decrypt the configuration
information from the aastra.tuz and <mac>.tuz files. Because only the encrypted versions of the
configuration files need to be stored on the server, no plain-text configuration or passwords are
sent across the network, thereby ensuring security of the configuration data.
To make changes to the configuration files, the System Administrator must save the original
files.
7-2
Note: Aastra also supplies encryption tools to support Linux platforms
(anacrypt.linux) and Solaris platforms (anacrypt.sunos) if required.
Note: If the use of encrypted configuration files is enabled (via
security.tuz or pre-provisioned on the IP phone) the aastra.cfg,
<model>.cfg, and <mac>.cfg files are ignored, and only the encrypted
equivalent files aastra.tuz, <model>.tuz, and <mac>.tuz are read.
41-001343-01 Rev 02, Release 3.2.2
Advertisement
Table of Contents
Troubleshooting
