Procedure to encrypt configuration files, Procedure to encrypt configuration files -3 – AASTRA 6700i series, 9143, 9480i, 9480i CT SIP Administrator Guide EN User Manual

Page 690

41-001343-01 Rev 03, Release 3.2.2

7-3

The security feature described above prevents unauthorized parties from reading or writing the

contents of the .tuz file. It also provides the following:
• Prevents users from using the .tuz file that does not match the user’s phone MAC

address.

• Renders the .tuz file invalid if the user renames the file.
• Works with IP phone releases prior to Release 2.2.
• Provides compatibility between the previous encryption routine and the new decryption

routine.

Procedure to Encrypt Configuration Files

To encrypt the IP phone configuration files:

Open a command line window application (i.e., DOS window).

At the prompt, enter anacrypt.exe and press .

C:\>

anacrypt.exe -h

Provides encryption of the configuration files used for the family of Aastra IP phones, using

56bit triple-DES and site-specific keys.

Usage:

anacrypt {infile.cfg|-d

} [-p password] [-m] [-i] [-v] [-h]

Note

: Incorrect password produces garbage. For site-specific keyfile security.cfg the

plaintext must match password.

Anacrypt Switch

Description

{infile.cfg | -d

}

Specifies that all .cfg files in

should be encrypted

[-p password]

Specifies password used to generate keys

-m

Generate MAC.tuz files that are phone specific.

This switch generates files that are

only usable for phones with firmware version 2.2.0 and above.

-i

Generate security.tuz file

-v

Specifies the version of encryption that the anacrypt tool uses. Use version 1 encryption
(i.e., -v1) to generate firmware that is readable by all model phones.

Without the -v1

switch, the anacrypt tool generates files that are only readable by phones with

firmware 2.2.0 and above.

-h

Display program help text