Linksys SPA2102-AU Provisioning Manual page 33

Chapter 2 Creating Provisioning Scripts
A generic, non-targeted CFG file is accepted as valid by any SPA that resyncs to it. The following
command generates a basic CFG file:
spc spa2102.txt spa2102.cfg
This example compiles the plain-text spa2102.txt file into the binary spa2102.cfg file understood by the
SPA2102. The --scramble option performs encryption that does not require the explicit transmission of
a key to the target SPA. It requires one randomizing argument. For example,
spc --scramble SomeSecretPhrase spa2102.txt spa2102.cfg
The resulting encrypted spa2102.cfg is accepted as valid by any SPA that resyncs to it.
The --target option also encrypts the CFG file without the need to explicitly transmit a key, but does so
in such a way that only the target SPA can decode it. Targeted CFG files provide a basic level of security.
This command uses the MAC address of the target SPA as an argument. For example,
spc --target 000e08aabbcc spa2102.txt spa2102.cfg
This command uses the MAC address 000e08aabbcc, and only the SPA with that MAC address is able
to decrypt and process the generated spa2102.cfg profile. Any other SPA attempting to resync to this file
rejects it as unreadable.
The third option performs an explicit key-based encryption of the CFG file. This option requires that the
key used to encrypt the file be preprovisioned in the target SPA, so that it can be decoded.
Two algorithms are available for this type of encryption:
•
RC4 (--rc4)
•
AES (--aes)
In addition, the key can be specified either explicitly as a hexadecimal digit sequence (--hex-key) or by
hashing a secret phrase (--ascii-key). With the --hex-key option, the key can be up to 256 bits in length.
With the --ascii-key option the generated key is 128 bits.
The following examples illustrate explicit key-based encryption.
spc –-rc4 –-ascii-key apple4sale spa2102.txt spa2102.cfg
spc –-aes –-ascii-key lucky777 spa2102.txt spa2102.cfg
spc –-aes –-ascii-key "my secret phrase" spa2102.txt spa2102.cfg
spc –-aes –-hex-key 8d23fe7...a5c29 spa2102.txt spa2102.cfg
Any combination of scrambling, targeting, and explicit-key encrypting can be applied to a CFG file, as
shown by the following example:
spc –-target 000e08aaa010 –-aes –-ascii-key VerySecret a.txt a.cfg
After each compilation, SPC prints a final status message. Syntax error messages are also printed if a
compilation is not successful.
The status and error messages printed by SPC are suppressed with the --quiet command line option.
Messages can be redirected to a file with the --log file_name option. In the latter case, the SPC command
itself is also printed in the log file, preceded by a timestamp.
spc –-quiet . . .
spc –-log prov.log . . .
SPC can also be used to generate sample configuration source files (for both plain text and XML
formats), corresponding to the accompanying firmware release. The commands for producing sample
files are as follows:
# sample plain.txt to be used as source file for eventual spc compilation:
Version 3.0
SPA Configuration Profile Compiler
Linksys SPA Provisioning Guide
2-7