- If you want to encrypt configuration files in batch using a random AES key , you need to execute the following command:
Code:
./yealinkencrypt –f *.cfg [-p DESTPATH(Default as 'Encrypted')] -m
Example:
Code:
[root@localhost tmp]#./yealinkencrypt -f *.cfg -p /home/test -m
Generate AES Key...
Write file to /home/test/Aeskey.txt!
Write file to /home/test/0015652ac1cc_Security.enc!
Read file 0015652ac1cc.cfg!
Write file to /home/test/0015652ac1cc.cfg!
Write file to /home/test/Aeskey.txt!
Write file to /home/test/y000000000000_Security.enc!
Read file y000000000000.cfg!
Write file to /home/test/y000000000000.cfg!
This tool will encrypt all CFG files using random AES keys (each CFG file corresponds to a random AES key). You can find the encrypted CFG files, encrypted key files and an Aeskey.txt file storing the plaintext AES keys in the specified directory.
- If you want to encrypt configuration files in batch using a specified AES key, you need to execute the following command:
Code:
./yealinkencrypt –f *.cfg [-p DESTPATH(Default as 'Encrypted')] -k 0123456789123456
Example:
Code:
[root@localhost tmp]#./yealinkencrypt -f *.cfg -p /home/test -k 0123456789123456
AES Key: 0123456789123456
Generate Security Key File...
Generate Encrypt Config File...
Write file to /home/test/Aeskey.txt!
Write file to /home/test/0015652ac1cc_Security.enc!
Read file 0015652ac1cc.cfg!
Write file to /home/test/0015652ac1cc.cfg!
Write file to /home/test/Aeskey.txt!
Write file to /home/test/y000000000000_Security.enc!
Read file y000000000000.cfg!
Write file to /home/test/y000000000000.cfg!
This tool will encrypt all CFG files using a specified AES key . You can find the encrypted CFG files, encrypted key files and an Aeskey.txt file storing the plaintext AES key in the specified directory.
AES keys must be 16 characters and the supported characters contain: 0 ~ 9, A ~ Z, a ~ z.
3. Deploying Yealink IP phones using encrypted configuration files and AES keys
Scenario Operations:
(1). The administrator encrypts y000000000000.cfg and 0015651137F6.cfg files and then uploads y000000000000_Security.enc, 0015651137F6_Security.enc, y000000000000.cfg (encrypted) and 0015651137F6.cfg (encrypted) files to the root directory of the provisioning server.
(2). Reboot the IP phone to trigger auto provisioning process. For more information, refer to
Yealink IP Phones Auto Provisioning Guide.
During auto provisioning, the IP phone requests to download y000000000000.cfg file first. Because the downloaded configuration file is encrypted, the IP phone requests to download y000000000000_Security.enc file and then decrypts it into the plaintext key (e.g., key2) using the built-in key (e.g., key1). The IP phone then decrypts the configuration file using the key2. After decryption, the IP phone resolves configuration files and updates configuration settings onto the IP phone system. If the downloaded configuration file is not encrypted, the IP phone will not request to download y000000000000_Security.enc file and update configuration settings in the configuration file onto the IP phone system.
The way the IP phones process the <MAC>.cfg file is the same as the
<y000000000000>.cfg file.
You can refer to more detaisl in auto provisioning flowchart as below:
The following shows auto provisioning flowchart for Yealink IP phones. The way the IP phone processes the MAC-Oriented CFG file is the same to that of the Common CFG file.
Please be aware:
The purpose of these forums is to allow forum members collaborate and help each other.
Questions posted here won't be appreciated.
If you require assistance from Yealink technical support, please email to support@yealink.com or USA support support.usa@yealink.com