Encrypt A Profile With Openssl - Cisco 8800 Series Manual

Encrypt a Profile with OpenSSL

Note Compression must precede encryption for the phone to recognize a compressed and encrypted XML profile.
For integration into customized back-end provisioning server solutions, the open source zlib compression
library can be used in place of the standalone gzip utility to perform the profile compression. However, the
phone expects the file to contain a valid gzip header.
Procedure
Step 1 Install gzip on the local PC.
Step 2 Compress the
from the command line:
gzip basic.txt
This generates the deflated file
Step 3 Save the
Step 4
Modify the Profile_Rule on the test device to resync to the deflated file in place of the original XML file, as
shown in the following example:
tftp://192.168.1.200/basic.txt.gz
Step 5
Click Submit All Changes.
Step 6 Observe the syslog trace from the phone.
Upon resync, the phone downloads the new file and uses it to update its parameters.
Encrypt a Profile with OpenSSL
A compressed or uncompressed profile can be encrypted (however, a file must be compressed before it is
encrypted). Encryption is useful when the confidentiality of the profile information is of particular concern,
such as when TFTP or HTTP is used for communication between the phone and the provisioning server.
The phone supports symmetric key encryption by using the 256-bit AES algorithm. This encryption can be
performed by using the open source OpenSSL package.
Procedure
Step 1 Install OpenSSL on a local PC. This might require that the OpenSSL application be recompiled to enable
AES.
Step 2 Using the
with the following command:
Cisco IP Phone 8800 Series Multiplatform Phone Administration Guide for Release 11.3(1) and Later
64
configuration profile (described in
basic.txt
basic.txt.gz
file in the TFTP server virtual root directory.
basic.txt.gz
configuration file (described in
basic.txt
TFTP Resync, on page
.
TFTP Resync, on page
Cisco IP Phone Provisioning
41) by invoking gzip
41), generate an encrypted file