the device downloads the new plain text MAC-specific configuration file, the server again deletes it and
encrypts the configuration files with the new key.
Devices always accept a plain text MAC-specific configuration file if the server provides one.
Note
1. We strongly recommended that the server pass the key to the device using the standard configuration
file.
2. Use an OpenSSL command to encrypt the configuration file and assign the file extension ".enc" to the
encrypted configuration file.
OpenSSL command for encrypting a file:
openssl enc -aes-128-cbc -a -salt -pass pass:
12341234abcdabcd12341234abcdabcd -in plain.txt -out encrypted.enc
OpenSSL command for decrypting a file:
openssl enc -d -aes-128-cbc -a -pass pass:
12341234abcdabcd12341234abcdabcd -in encrypted.enc
3. The supported algorithms for encryption and decryption are:
AES-128-CBC, AES-196-CBC, and AES-256-CBC
4. Use the following parameters to specify the key information in the plain text MAC-specific configuration
file.
CFG_FILE_KEY (see ® Page 234): used to specify the key
CFG_FILE_KEY_LENGTH (see ® Page 234): used to specify the encrypt/decrypt algorithm
Example
This example assumes the following:
1. The initial configuration file only specifies to use the standard configuration file.
2. After the device downloads the initial configuration file and the standard configuration file, it detects that a
key is provided by the server.
48 Administrator Guide Document Version 2014-05
2.6.1 Using Encryption When Transferring Configuration Files