Aastra Telecom 55I, 57I CT, 53I manual Procedure to Encrypt/Decrypt Configuration Files

To make changes to the configuration files, the System Administrator must decrypt the files, make the changes, and re-encrypt the files. The encrypted files must then be downloaded to the IP phones again.

Note: If the use of encrypted configuration files is enabled (via security.tuz or pre-provisioned on the IP phone) the aastra.cfg and <mac>.cfg files are ignored, and only the encrypted equivalent files aastra.tuz and <mac>.tuz are read.

Procedure to Encrypt/Decrypt Configuration Files

To encrypt the IP phone configuration files:

1.Open a command line window application (i.e., DOS window).

2.At the prompt, enter anacrypt.exe and press <Return>.

C:\> anacrypt.exe -h

Provides encryption and decryption of the configuration files used for the family of Aastra IP phones, using 56bit triple-DES and site-specific keys.

Copyright (c) 2005, Aastra Technologies, Ltd.

Copyright (c) 1999, Philip J. Erdelsky

Usage:

anacrypt infile.{cfgtuz} [-o outfile] [-p password] [-h] [-v] Display version number

[-h] Display program help text

[-o [device:][path]] Writes output file on specific device or path [-p password] Password used to generate the cryptographic key

Restrictions:

Infile extension determines operation, .cfg=plaintext to be encrypted,

.tuz=ciphertext to be decrypted. Outfile extension is opposite of input. Filenames may optionally include any non-wildcard subset of [device:][\path\]. If -p is omitted, user is prompted to interactively enter the password.

Note: 3DES does not validate decryption, incorrect password produces garbage. For site-specific keyfile security.cfg the plaintext must match password.

Encryption and the IP Phone