Yealink Forums

Yealink Forums > IP Phone Series > Auto Provisioning > Provisioning in v81 and encryption
Full Version: Provisioning in v81 and encryption
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Dalton

07-25-2017, 01:58 PM
Hi There

I have encrypted the common CFG file and the MAC CFG file, however, the phone (T23G - v44.81.0.15) that I am testing with does not decrypt the phones. The latest document states that we are to set the parameter to "static.auto_provision.aes_key_in_file = 1". If I do this in the common file and then encrypt the common file, it doesn't know to set this parameter. So if I only encrypt rhe MAC CFG file and don't encrypt the common file, then it works.

I need to encrypt both the common and CFG files, how can I get the phone to decrypt the files if the parameter that tells it to look for the encrypted files is encrypted in and of itself?

P.S: I tried using the boot file to look for a file called "enc.cfg" that contains "static.auto_provision.aes_key_in_file = 1", but then the phone doesn't proceed to look for its common CFG and MAC CFG file. How can I also get the boot file to contain a variable to tell the phone to look for its own MAC Oriented file and Common file? Then I can share this common boot file across all endpoints telling it to look for the encrypted configuration files.

Regards
Dalton

eagle21221

11-09-2017, 03:20 PM
The way i found out is a pain and alot of work.

you need to set a boot file for each phone. IE the phone's "macaddress.boot"

Then inside the "macaddress.boot" have:
########################
#!version:1.0.0.1
## The header above must appear as-is in the first line

include:config <encrypt.cfg> #<- not encrypted
include:config "y0000000000xx.cfg" #<- encrypted
include:config "macaddress.cfg" #<- encrypted

overwrite_mode = 1
########################

Inside encrypt.cfg
########################
#!version:1.0.0.1
static.auto_provision.aes_key_in_file = 1

#it seems to lose its provisioning settings after the first time you run it.
static.auto_provision.server.url =
static.auto_provision.server.username =
static.auto_provision.server.password =
########################
Then put the files in the root folder of the provision server url.

encrypt.cfg #<- not encrypted
y0000000000xx.cfg #<- encrypted
macaddress.cfg #<- encrypted

its a pain and you need to run it twice, first time it goes through and sets decrypt by file, and the second time it auto provisions it decrypts the files.

another easier way is just use a site AES key and when your setting up the auto provision server on the phone you just input the site AES key for both common and mac. Better than going through and setting up a boot for each phone.
Yealink Forums > IP Phone Series > Auto Provisioning > Provisioning in v81 and encryption
Reference URL's