3-11
Cisco ATA 186 and Cisco ATA 188 Analog Telephone Adaptor Administrator’s Guide (H.323)
OL-4008-01
Chapter3 Configuring the Cisco ATA for H .323
Configuring the Cisco ATA Using a TFTP Server
Using the EncryptKey Parameter and cfgfmt ToolThe EncryptKey parameter encrypts binary files being transferred over TFTP. You can change this key
for each CiscoATA, so that only one specific Cisco ATA can decode the information.
By default, the CiscoATA-specific ata<macaddress> configuration file is not encrypted. If encryption
is required, however, you must manually configure the EncryptKey parameter before you boot up the
Cisco ATA so that the TFTP method is secure. Use either the voice configuration menu (see the “Voice
Configuration Menu” section on page 3-15) or the Cisco ATA web configuration page (see the
“CiscoATA Web Configuration Page” section on page3-18) to configure the EncryptKey parameter.
Note Because the factory-fresh ATA cannot accept encrypted configuration files, the first unencrypted file, if
intercepted, can easily be read. (You would still have to know the data structure format in order to decode
the binary information from the unencrypted file.) Therefore, the new encryption key in the unencrypted
file can be compromised.
Set the EncryptKey parameter to a nonzero value. When this value is nonzero, the CiscoATA assumes
that the binary configuration file on the TFTP server is to be encrypted with this key by means of the
RC4 cipher algorithm. The CiscoATA will use this key to decrypt the configuration file.
The Cisco ATA EncryptKey parameter and the encryption key used in the cfgfmt tool command syntax
must match.
Note For security reasons, Cisco recommends that you set the UIPassword parameter (if desired) in the
configuration file and not by using one of the manual configuration methods.
The cfgfmt.exe syntax affects how the EncryptKey parameter is used, as shown in the following
examples. In these examples, input_text is the ata<macaddress>.txt file that you will convert to binary
to create the ata<macaddress> configuration file for the CiscoATA; output_binary is that binary
ata<macaddress> file, and Secret is the encryption key.
Syntax examples
•cfgfmt -tpTagFile input-text-file output-binary-file
If input-text-file sets the CiscoATA EncryptKey parameter to 0, then output-binary-file is not
encrypted. If the input-text-file sets EncryptKey to a non-zero value, th en output-binary-file is
encrypted with that value.
•cfgfmt -eSecret -tpTagFile input-text-file output-binary-file
If the Cisco ATA EncryptKey parameter has the value of 0 or is not included in input-text-file, the
Secret is used to encrypt the output-binary-file. If input-text-file sets the CiscoATA EncryptKey
parameter to a nonzero value and the -e option is used, then output-binary-file is encrypted with the
EncryptKey parameter set in input-text-file and Secret is ignored.
•cfgfmt -E -tpTagFile input-text-file output-binary-file
The -E (uppercase) option means that any value specified for the CiscoATA EncryptKey parameter
in input-text-file is ignored. However, because Secret is not specified in this example,
output-binary-file is not encrypted. Nevertheless, the EncryptKey parameter and its value, if
specified in input-file-text, will be included in output-binary-file for possible encryption at a later
time.