Encrypted files on the ip phone, Configuration file encryption method, Encrypted files on the ip phone -2 – Aastra Telecom 9480i Series User Manual

Encrypted Files on the IP Phone

7-2

41-001160-03, Rev 00, Releaes 2.4

IP Phone Administrator Guide

Encrypted Files on the IP Phone

An encryption feature for the IP phone allows Service Providers the capability of
storing encrypted files on their server to protect against unauthorized access and
tampering of sensitive information (i.e., user accounts, login passwords,
registration information). Service Providers also have the capability of locking a
phone to use a specific server-provided configuration only.

Configuration File Encryption Method

Only a System Administrator can encrypt the configurations files for an IP Phone.
System Administrators use a password distribution scheme to manually
pre-configure or automatically configure the phones to use the encrypted
configuration with a unique key.

From a Microsoft Windows command line, the System Administrator uses an
Aastra-supplied encryption tool called "anacrypt.exe" to encrypt the .tuz
file.

This tool processes the plain text .cfg and aastra.cfg files and creates
triple-DES encrypted versions called .tuz and aastra.tuz. Encryption is
performed using a secret password that is chosen by the administrator.

The encryption tool is also used to create an additional encrypted tag file called
security.tuz, which controls the decryption process on the IP phones. If
security.tuz is present on the TFTP/FTP/HTTP server, the IP phones download it
and use it locally to decrypt the configuration information from the aastra.tuz and
.tuz files. Because only the encrypted versions of the configuration files
need to be stored on the server, no plain-text configuration or passwords are sent
across the network, thereby ensuring security of the configuration data.

Note:

Aastra also supplies encryption tools to support Linux platforms

(anacrypt.linux) and Solaris platforms (anacrypt.sunos) if required.

Draft 1