Procedure to encrypt/decrypt configuration files, Encryption and the ip phone – Aastra Telecom SIP 480I User Manual

Encryption and the IP Phone

41-001129-00 Rev 09, Release 1.4.1

7-3

Encryption and the IP Phone

Encryption and the IP Phone

To make changes to the configuration files, the System Administrator must
decrypt the files, make the changes, and re-encrypt the files. The encrypted files
must then be downloaded to the IP phones again.

Procedure to Encrypt/Decrypt Configuration Files

To encrypt the IP phone configuration files:

1.

Open a command line window application (i.e., DOS window).

2.

At the prompt, enter anacrypt.exe and press .

C:\> anacrypt.exe -h

Provides encryption and decryption of the configuration files used for the family
of Aastra IP phones, using 56bit triple-DES and site-specific keys.
Copyright (c) 2005, Aastra Technologies, Ltd.
Copyright (c) 1999, Philip J. Erdelsky
Usage:
anacrypt infile.{cfg|tuz} [-o outfile] [-p password] [-h]
[-v] Display version number
[-h] Display program help text
[-o [device:][path]] Writes output file on specific device or path
[-p password] Password used to generate the cryptographic key

Restrictions:
Infile extension determines operation, .cfg=plaintext to be encrypted,
.tuz=ciphertext to be decrypted. Outfile extension is opposite of input.
Filenames may optionally include any non-wildcard subset of [device:][\path\].
If -p is omitted, user is prompted to interactively enter the password.

Note: 3DES does not validate decryption, incorrect password produces garbage. For
site-specific keyfile security.cfg the plaintext must match password.

Note:

If the use of encrypted configuration files is enabled (via

security.tuz or pre-provisioned on the IP phone) the aastra.cfg and
.cfg files are ignored, and only the encrypted equivalent files
aastra.tuz and .tuz are read.