Securing Configuration Files With Aes Encryption - Alcatel Temporis IP150 Manual

Securing Configuration Files with AES Encryption

You can encrypt your configuration files to prevent unauthorized users modifying the
configuration files. The system encrypts files using the AES 256 algorithm. After
encrypting a file and placing it on your provisioning server, you can enable the phone to
decrypt the file after fetching it from the server.
To decrypt a configuration file you will need a 16-character AES key that you specified
when you encrypted the file. The key (or passphrase) is limited to 16 characters and
supports special characters ~^`%!&-_+=|.@*:;,?()[]{}<>/\# as well as spaces.
Note: The encryption of configuration files is supported only for the auto provisioning
process. Encrypt files only if you intend to store them on a provisioning server. Do not
encrypt files that you intend to manually import to the phone. You cannot enable
decryption for manually imported configuration files.
To encrypt a configuration file:
You can use for example an open source tool such as Openssl, which can be downloaded
from the Openssl project site. If this is the case, proceed as follows.
1. (Optional) Place your configuration file in the same folder as the openssl.exe file. If
the configuration file is not in the same folder as the openssl.exe file, you can enter a
relative pathname for the [infile] in the next step.
2. On the openssl command line, type:
enc -aes-256-cbc -pass pass:[passphrase123456] -in [infile] -out [outfile] -nosalt -p
Elements in brackets are examples—do not enter the brackets. Enter a 16-character
passphrase and the unencrypted configuration file filename (the "infile") and a name for
the encrypted file ("outfile") that will result.
To enable configuration file decryption via WUI:
Temporis IP150 Administration and Provisioning Guide ed 0.1 83/106