Dalton
Asterisk DCAP Certified Engineer
Posts: 10
Joined: May 2015
|
Provisioning in v81 and encryption
Hi There
I have encrypted the common CFG file and the MAC CFG file, however, the phone (T23G - v44.81.0.15) that I am testing with does not decrypt the phones. The latest document states that we are to set the parameter to "static.auto_provision.aes_key_in_file = 1". If I do this in the common file and then encrypt the common file, it doesn't know to set this parameter. So if I only encrypt rhe MAC CFG file and don't encrypt the common file, then it works.
I need to encrypt both the common and CFG files, how can I get the phone to decrypt the files if the parameter that tells it to look for the encrypted files is encrypted in and of itself?
P.S: I tried using the boot file to look for a file called "enc.cfg" that contains "static.auto_provision.aes_key_in_file = 1", but then the phone doesn't proceed to look for its common CFG and MAC CFG file. How can I also get the boot file to contain a variable to tell the phone to look for its own MAC Oriented file and Common file? Then I can share this common boot file across all endpoints telling it to look for the encrypted configuration files.
Regards
Dalton
|
|
07-25-2017 01:58 PM |
|
eagle21221
Junior Member
Posts: 2
Joined: Nov 2017
|
RE: Provisioning in v81 and encryption
The way i found out is a pain and alot of work.
you need to set a boot file for each phone. IE the phone's "macaddress.boot"
Then inside the "macaddress.boot" have:
########################
#!version:1.0.0.1
## The header above must appear as-is in the first line
include:config <encrypt.cfg> #<- not encrypted
include:config "y0000000000xx.cfg" #<- encrypted
include:config "macaddress.cfg" #<- encrypted
overwrite_mode = 1
########################
Inside encrypt.cfg
########################
#!version:1.0.0.1
static.auto_provision.aes_key_in_file = 1
#it seems to lose its provisioning settings after the first time you run it.
static.auto_provision.server.url =
static.auto_provision.server.username =
static.auto_provision.server.password =
########################
Then put the files in the root folder of the provision server url.
encrypt.cfg #<- not encrypted
y0000000000xx.cfg #<- encrypted
macaddress.cfg #<- encrypted
its a pain and you need to run it twice, first time it goes through and sets decrypt by file, and the second time it auto provisions it decrypts the files.
another easier way is just use a site AES key and when your setting up the auto provision server on the phone you just input the site AES key for both common and mac. Better than going through and setting up a boot for each phone.
|
|
11-09-2017 03:20 PM |
|