User's Manual
19.5.3 Encrypting the Configuration File using CLI
Encrypted files include the file name extension *.cfx (instead of *.cfg) or *.inx (instead of
*.ini). After the device loads the encrypted file from the HTTP server, it automatically
identifies the encrypted file by its file name extensions *.cfx or *.inx, and subsequently
decrypts the file before saving it to flash memory.
The following procedure describes how to encrypt configuration files.
To encrypt a configuration file:
Run the following CLI shell command (on a Linux or Windows PC with OpenSSL installed):
openssl des3 -in <original file> -out <encrypted file> -k <password> -S <salt value>
Where:
• <original file> is the original clear-text configuration file (*.cfg or *.ini file).
• <encrypted file> is the output file (an encrypted *.cfx or *.inx file).
• <password> is the password that is used to encrypt the file.
• <salt value> is an 8-byte special key value that is combined with the password. The format is 16 hexadecimal digits [0-9,A-F].
An example of this command is shown below:
openssl des3 -in c:\temp\try_enc_conf.cfg -out c:\temp\try_enc_conf.cfx -k MyPassword123456 -S 0123456789ABCDEF
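The following script is an added example, not part of the original manual: it wraps the command above, enforces the file name extensions and salt format described in this section, and confirms that the encrypted file decrypts back to the original. The function names and the CFG_PASSWORD environment variable are assumptions; -pass env:CFG_PASSWORD is used in place of -k <password> so that the password does not appear on the command line.

```shell
#!/bin/sh
# Added example (not from the manual). Function names and the CFG_PASSWORD
# variable are assumptions made for illustration.

# Map a clear-text file name to its encrypted name: *.cfg -> *.cfx, *.ini -> *.inx.
encrypted_name() {
    case "$1" in
        *.cfg) printf '%s\n' "${1%.cfg}.cfx" ;;
        *.ini) printf '%s\n' "${1%.ini}.inx" ;;
        *) return 1 ;;
    esac
}

# Accept only the documented salt format: exactly 16 hexadecimal digits [0-9,A-F].
valid_salt() {
    case "$1" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 16 ]
}

# Encrypt file $1 with salt $2. The password is taken from the exported
# CFG_PASSWORD variable (-pass env: derives the same key as -k, but keeps the
# password out of the process list). Prints the output file name on success.
encrypt_config() {
    in=$1 salt=$2
    out=$(encrypted_name "$in") || { echo "need a .cfg or .ini file" >&2; return 2; }
    valid_salt "$salt" || { echo "salt must be 16 hex digits" >&2; return 3; }
    [ -n "${CFG_PASSWORD:-}" ] || { echo "CFG_PASSWORD is not set" >&2; return 4; }
    openssl des3 -in "$in" -out "$out" -pass env:CFG_PASSWORD -S "$salt" || return 5
    printf '%s\n' "$out"
}

# Decrypt $2 with the same password and salt ($3) and compare the result
# byte-for-byte with the clear-text file $1. Returns 0 only on an exact match.
verify_roundtrip() {
    tmp=$(mktemp) || return 1
    rc=1
    if openssl des3 -d -in "$2" -out "$tmp" -pass env:CFG_PASSWORD -S "$3" &&
       cmp -s "$1" "$tmp"; then
        rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Export CFG_PASSWORD before calling encrypt_config, then run verify_roundtrip on the result before placing the file on the server.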
Notes:
• You can choose any <salt value> – the device does not have to know about it.
• A password can be pre-configured in the device, using the following CLI command:
conf set_obscure/rmt_config/password <password>
For example: tftp://1.2.3.4/file
• You can also define the password in a configuration file that you download from the server.
• If you don't define a password in the configuration file, a default password is used. Different default passwords are defined per customer, according to the hostname in the configuration file URL.
Version 4.4.0
19. Maintenance
MP26x/MP27x