Encrypted Files on the IP Phone

To make changes to the configuration files, the System Administrator must decrypt the files, make the changes, and re-encrypt the files. The encrypted files must then be downloaded to the IP phones again.

Note: If the use of encrypted configuration files is enabled (via security.tuz or pre-provisioned on the IP phone), the aastra.cfg and <mac>.cfg files are ignored, and only the encrypted equivalent files aastra.tuz and <mac>.tuz are read.

Procedure to Encrypt/Decrypt Configuration Files

To encrypt the IP phone configuration files:

1. Open a command line window application (i.e., DOS window).

2. At the prompt, enter anacrypt.exe and press <Return>.

C:\> anacrypt.exe -h

Provides encryption and decryption of the configuration files used for the family of Aastra IP phones, using 56bit triple-DES and site-specific keys.

Copyright (c) 2005, Aastra Technologies, Ltd.

Copyright (c) 1999, Philip J. Erdelsky

Usage:

anacrypt infile.{cfg|tuz} [-o outfile] [-p password] [-h]

[-v] Display version number

[-h] Display program help text

[-o [device:][path]] Writes output file on specific device or path

[-p password] Password used to generate the cryptographic key

Restrictions:

Infile extension determines operation, .cfg=plaintext to be encrypted, .tuz=ciphertext to be decrypted.

Outfile extension is opposite of input.

Filenames may optionally include any non-wildcard subset of [device:][\path\].

If -p is omitted, user is prompted to interactively enter the password.

Note: 3DES does not validate decryption, incorrect password produces garbage. For site-specific keyfile security.cfg the plaintext must match password.
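
Because a wrong password produces garbage rather than an error, the result of a decryption has to be checked separately before it is edited and re-encrypted. The following is an added example, not Aastra's code and not part of anacrypt: a heuristic that flags implausible output. It assumes that a decrypted .cfg file is ASCII text made of "parameter: value" lines and "#" comments; the function names and sample data are constructed for illustration.

```python
import string

# Assumption (not stated on the page): a decrypted .cfg is ASCII text made of
# "parameter: value" lines, blank lines and "#" comment lines.
PRINTABLE = frozenset(string.printable.encode("ascii"))


def is_param_line(line: str) -> bool:
    """True for 'name: value' where the name part is non-empty."""
    name, sep, _ = line.partition(":")
    return bool(sep) and bool(name.strip())


def looks_like_config(data: bytes, min_printable: float = 0.95,
                      min_param_lines: float = 0.9) -> bool:
    """Heuristic: is `data` plausibly a correctly decrypted .cfg file?"""
    if not data:
        return False
    # A wrong key yields near-random bytes, of which only ~39% are printable.
    printable = bytes(b for b in data if b in PRINTABLE)
    if len(printable) / len(data) < min_printable:
        return False
    # Drop the few non-printable bytes tolerated above (e.g. block padding)
    # and check that the remaining text has the expected line structure.
    lines = (ln.strip() for ln in printable.decode("ascii").splitlines())
    content = [ln for ln in lines if ln and not ln.startswith("#")]
    if not content:
        return False
    valid = sum(1 for ln in content if is_param_line(ln))
    return valid / len(content) >= min_param_lines


# Constructed sample input, not a real site configuration.
SAMPLE_CFG = (
    b"# constructed sample, not a real site configuration\n"
    b"sip proxy ip: 192.0.2.10\n"
    b"sip proxy port: 5060\n"
)
# Constructed stand-in for wrong-password output: every byte value once.
GARBAGE = bytes((i * 197 + 13) % 256 for i in range(256))

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE_CFG), ("garbage", GARBAGE)):
        print(f"{label}: plausible config = {looks_like_config(blob)}")
```

Run it on the .cfg that anacrypt writes after decrypting a .tuz; a False result means the password should be rechecked before the file is edited or redistributed.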

Encryption and the IP Phone

41-001160-00, Release 2.1, Rev 04
