Miscellaneous Administrative Tasks

 

You can check whether an encrypted file is the same as an unencrypted file by:

 

1. Run the configFileEncrypt utility on the unencrypted file with the "-d"

 

option. This shows the "digest" field.

 

2. Look at the encrypted file using WordPad and check the first line that

 

shows a "Digest=…." field. If the two fields are the same, then the

 

encrypted and unencrypted file are the same.

Note

 

 

If a phone downloads an encrypted file that it cannot decrypt, the action is logged,

 

an error message displays, and the phone reboots. The phone will continue to do

 

this until the boot server provides an encrypted file that can be read, an

 

unencrypted file, or the file is removed from the master configuration file list.

Note

 

 

 

 

The SoundPoint IP 300 and 500 phones will always fail at decrypting files. These

 

phones will recognize that a file is encrypted, but cannot decrypt it and will display

 

an error. This information is logged. Encrypted configuration files can only be

 

decrypted on the SoundPoint IP 301, 320, 330, 430, 501,550, 560, 600, 601, 650,

 

and 670 and the SoundStation IP 4000, 6000, and 7000 phones.

 

The master configuration file cannot be encrypted on the boot server. This file is

 

downloaded by the bootROM that does not recognize encrypted files. For more

 

information, refer to Master Configuration Files on page 2-5.

 

 

 

 

The following configuration file changes are required to modify this feature:

 

 

 

Central

Configuration File: sip.cfg

Specify the phone-specific contact directory and the

(boot server)

 

phone-specific configuration override file.

 

For more information, refer to Encryption

 

 

 

 

<encryption/> on page A-89.

 

 

 

 

Configuration file:

Change the encryption key.

 

<device>.cfg

For more information, refer to Flash Parameter

 

 

Configuration on page A-124.

 

 

 

Changing the Key on the Phone

For security purposes, it may be desirable to change the key on the phones and the server from time to time.

To change a key:

1.Put the new key into a configuration file that is in the list of files downloaded by the phone (specified in 000000000000.cfg or <Ethernet address>.cfg).

Use the device.sec.configEncryption.key parameter to specify the new key.

C - 5

Page 297
Image 297
Polycom 1725-11530-310 manual Changing the Key on the Phone, Option. This shows the digest field, Encryption/ on page A-89