Encrypted Files on the IP Phone
41-001160-00, Release 2.1, Rev 04 7-3
Encrypted Files on the IP Phone
Encryption and the IP Phone
To make changes to the configuration files, the System Administrator must
decrypt the files, make the changes, and re-encrypt the files. The encrypted files
must then be downloaded to the IP phones again.
Procedure to Encrypt/Decrypt Configuration Files
To encrypt the IP phone configuration files:
1. Open a command line window application (i.e., DOS window).
2. At the prompt, enter anacrypt.exe and press <Return>.
C:\> anacrypt.exe -h
Provides encryption and decryption of the configuration files used for the family
of Aastra IP phones, using 56bit triple-DES and site-specific keys.
Copyright (c) 2005, Aastra Technologies, Ltd.
Copyright (c) 1999, Philip J. Erdelsky
Usage:
anacrypt infile.{cfg|tuz} [-o outfile] [-p password] [-h]
[-v] Display version number
[-h] Display program help text
[-o [device:][path]] Writes output file on specific device or path
[-p password] Password used to generate the cryptographic key
Restrictions:
Infile extension determines operation, .cfg=plaintext to be encrypted,
.tuz=ciphertext to be decrypted. Outfile extension is opposite of input.
Filenames may optionally include any non-wildcard subset of [device:][\path\].
If -p is omitted, user is prompted to interactively enter the password.
Note: 3DES does not validate decryption, incorrect password produces garbage. For
site-specific keyfile security.cfg the plaintext must match password.
Note: If the use of encrypted configuration files is enabled (via
security.tuz or pre-provisioned on the IP phone) the aastra.cfg and
<mac>.cfg files are ignored, and only the encrypted equivalent files
aastra.tuz and <mac>.tuz are read.