Encrypted Files on the IP Phone

Procedure to Encrypt Configuration Files

To encrypt the IP phone configuration files (using a Microsoft Windows OS):

1.Obtain the anacrypt encryption tool (anacrypt.exe) from your Aastra representative.

2.Open a command line window application (i.e. DOS window).

3.At the prompt, enter anacrypt.exe and press <Return>.

4.Enter a command utilizing the details provided in the help screen.

C:\> anacrypt.exe -h

Provides encryption of the configuration files used for the family of Aastra IP phones.

Copyright (c) 2005-2012, Aastra Technologies, Ltd.

Usage:

anacrypt {infile.cfg-d <dir>} [-p password] [-m] [-i] [-v] [-h]

Anacrypt Switch

Description

{infile.cfg -d <dir>}

Specifies that all .cfg files in <dir> should be encrypted.

 

 

[-p password]

Specify password used to generate keys.

 

 

-m

Generate MAC.tuz files that are phone specific. This switch generates files that are

 

only usable for phones with firmware version 2.2.0 and above.

 

 

-v1

Specifies the version of encryption that the anacrypt tool uses. Use version 1 encryption (i.e. -v1) to generate files that

 

are readable by all model phones.

 

 

-v2

(Default) Specifies the version of encryption that the anacrypt tool uses. Use version 2 encryption (i.e. -v2) to generate

 

files that are readable by phones with firmware 2.2.0 and above.

 

 

-v3

(Enhanced security version) Specifies the version of encryption that the anacrypt tool uses. Use version 3 encryption

 

(i.e. -v3) to generate files that are readable by phones with firmware 3.3.1 and above.

 

 

-i

Generate security.tuz file.

 

 

-h

Show the help screen.

 

 

Notes:

Configuration files that are encrypted using v3 encryption can only be decoded by phones on Release 3.3.1 (and above).Customers with v3-encrypted configuration files will lose the ability to decode the files (and in turn will lose all previously configured settings) if they downgrade their phones to any firmware release prior to 3.3.1.

An incorrect password produces garbage. For site-specific keyfile security.cfg the plaintext must match the pass- word.

Examples

The following examples illustrate the use of the anacrypt.exe file.

Example 1

Generating a security.tuz file with password 1234abcd:

For firmware version 3.3.1 (enhanced security):

C:\>anacrypt -i -p 1234abcd -v3

7-3

41-001343-02 REV04 – 05.2014

Page 569 Page 571
Page 570
Image 570
Aastra Telecom 41-001343-02 Procedure to Encrypt Configuration Files, anacrypt -i -p 1234abcd, Anacrypt Switch Description
Page 569 Page 571
Top Page Image Contents