Securing Configuration Files With Aes Encryption - VTech ErisTerminal VSP600 Administrator And Provisioning Manual

Securing configuration files with AES encryption

You can encrypt your configuration files to prevent unauthorized users modifying the
configuration files. The VSP600 firmware decrypts files using the AES 256 algorithm. After
encrypting a file and placing it on your provisioning server, you can enable the VSP600 to
decrypt the file after fetching it from the server.
The procedures in this section use OpenSSL for Windows for file encryption, as shown in
Figure 2.
To decrypt a configuration file, you will need a 16-character AES key that you specified
when you encrypted the file. The key (or passphrase) is limited to 16 characters in length
and supports special characters ~ ^ ` % ! & - _ + = | . @ * : ; , ? ( ) [ ] { } < > / \ # as well as
spaces.
The encryption of configuration files is supported only for the auto provisioning
process. Encrypt files only if you intend to store them on a provisioning server. Do
not encrypt files that you intend to manually import to the VSP600. You cannot
enable decryption for manually imported configuration files.
To encrypt a configuration file:
1. (Optional) Place your configuration file in the same folder as the openssl executable
file. If the configuration file is not in the same folder as the openssl executable file, you
can enter a relative pathname for the [infile] in the next step.
2. Double-click the openssl.exe file.
3. On the openssl command line, type:
enc -aes-256-cbc -pass pass:[passphrase123456] -in [infile] -out [outfile]
-nosalt -p
Elements in brackets are examples—do not enter the brackets. Enter a 16-character
passphrase and the unencrypted configuration file filename (the "infile") and a name for the
encrypted file ("outfile") that will result.
Provisioning Using Configuration Files
VSP600 Administrator and Provisioning Manual
Figure 2. OpenSSL command line
75
Back to Contents