Open Profile Compression; Open Profile Encryption With Aes - Cisco 6800 Series Provisioning Manual

Multiplatform phones

Hide thumbs Also See for 6800 Series:

Administration manual (358 pages)

User manual (222 pages)

Hardware installation (20 pages)

Table Of Contents

100

101

102

103

104

page of 104

/ 104
Contents
Table of Contents
Bookmarks

Table of Contents

Open Profile Compression

The supported compression method is the gzip deflate algorithm (RFC1951). The gzip utility and the

compression library that implements the same algorithm (zlib) are available from Internet sites.

To identify compression, the phone expects the compressed file to contain a gzip compatible header. Invocation

of the gzip utility on the original Open profile generates the header. The phone inspects the downloaded file

header to determine the file format.

For example, if

commands can generate this profile type:

•

A tutorial on compression is provided in the

Open Profile Encryption with AES

Symmetric key encryption can be used to encrypt an Open configuration profile, whether the file is compressed

or not. The supported encryption algorithm is the American Encryption Standard (AES), using 256-bit keys,

applied in cipher block chaining mode.

Note

Compression must precede encryption for the phone to recognize a compressed and encrypted Open format

profile.

The OpenSSL encryption tool, available for download from various Internet sites, can perform the encryption.

Support for 256-bit AES encryption may require recompilation of the tool to enable the AES code. The

firmware has been tested against version openssl-0.9.7c.

For an encrypted file, the profile expects the file to have the same format as generated by the following

command:

# example encryption key = SecretPhrase1234

openssl enc –e –aes-256-cbc –k SecretPhrase1234 –in profile.xml –out profile.cfg

# analogous invocation for a compressed xml file

openssl enc –e –aes-256-cbc –k SecretPhrase1234 –in profile.xml.gz –out profile.cfg

A lowercase -k precedes the secret key, which can be any plain text phrase, and which is used to generate a

random 64-bit salt. With the secret specified by the -k argument, the encryption tool derives a random 128-bit

initial vector and the actual 256-bit encryption key.

Cisco IP Phone 6800 Series Multiplatform Phones Provisioning Guide

is a valid profile, the file

profile.xml

>gzip profile.xml

Replaces original file with compressed file.

>cat profile.xml | gzip > profile.xml.gz

Leaves original file in place, produces new compressed file.

Encrypt a Profile with OpenSSL, on page 59

is also accepted. Either of the following

profile.xml.gz

Compress an Open Profile with Gzip, on page 58

provides a tutorial on encryption.

Provisioning Scripts

section.

Table of Contents

Open Profile Compression; Open Profile Encryption With Aes - Cisco 6800 Series Provisioning Manual

Open Profile Compression

Open Profile Encryption with AES

Related Manuals for Cisco 6800 Series

Related Content for Cisco 6800 Series

Table of Contents