Cisco Systems ATA186I2ARF manual Using the EncryptKey Parameter and cfgfmt Tool, Command Output

Chapter 3 Configuring the Cisco ATA for SIP

Configuring the Cisco ATA Using a TFTP Server

Command Output

ata0a141e28323c

Note The same functionality is available from the voice configuration menu (voice menu code 84#), which will announce the Cisco ATA profile name.

Using the EncryptKey Parameter and cfgfmt Tool

The EncryptKey parameter encrypts binary files being transferred over TFTP. You can change this key for each Cisco ATA, so that only one specific Cisco ATA can decode the information.

By default, the Cisco ATA-specific ata<macaddress> configuration file is not encrypted. If encryption is required, however, you must manually configure the EncryptKey parameter before you boot up the Cisco ATA so that the TFTP method is secure. Use either the voice configuration menu (see the “Voice Configuration Menu” section on page 3-15) or the Cisco ATA web configuration page (see the “Cisco ATA Web Configuration Page” section on page 3-18) to configure the EncryptKey parameter.

Note Because the factory-fresh ATA cannot accept encrypted configuration files, the first unencrypted file, if intercepted, can easily be read. (You would still have to know the data structure format in order to decode the binary information from the unencrypted file.) Therefore, the new encryption key in the unencrypted file can be compromised.

Set the EncryptKey parameter to a nonzero value. When this value is nonzero, the Cisco ATA assumes that the binary configuration file on the TFTP server is to be encrypted with this key by means of the RC4 cipher algorithm. The Cisco ATA will use this key to decrypt the configuration file.

The Cisco ATA EncryptKey parameter and the encryption key used in the cfgfmt tool command syntax must match.

Note For security reasons, Cisco recommends that you set the UIPassword parameter (if desired) in the configuration file and not by using one of the manual configuration methods.

The cfgfmt.exe syntax affects how the EncryptKey parameter is used, as shown in the following examples. In these examples, input_text is the ata<macaddress>.txt file that you will convert to binary to create the ata<macaddress> configuration file for the Cisco ATA; output_binary is that binary ata<macaddress> file, and Secret is the encryption key.

Syntax examples

•cfgfmt -tpTagFileinput-text-file output-binary-file

If input-text-file sets the Cisco ATA EncryptKey parameter to 0, then output-binary-file is not encrypted. If the input-text-file sets EncryptKey to a non-zero value, then output-binary-file is encrypted with that value.

•cfgfmt -eSecret -tpTagFileinput-text-file output-binary-file

If the Cisco ATA EncryptKey parameter has the value of 0 or is not included in input-text-file, the Secret is used to encrypt the output-binary-file. If input-text-file sets the Cisco ATA EncryptKey parameter to a nonzero value and the -e option is used, then output-binary-file is encrypted with the EncryptKey parameter set in input-text-file and Secret is ignored.

Cisco ATA 186 and Cisco ATA 188 Analog Telephone Adaptor Administrator’s Guide (SIP)