Cisco SPA901-UK Provisioning Guide - Page 36

Creating Provisioning Scripts Encrypting a File with the SPC 2 Preencrypting configuration profiles offline with symmetric key encryption allows the use of HTTP for resyncing profiles. The provisioning server uses HTTPS to handle initial provisioning of IP Telephony devices after deployment. This feature reduces the load on the HTTPS server in large scale deployments. The final file name does not need to follow a specific format, but it is conventional to end the name with the .cfg extension to indicate that it is a configuration profile. Encrypting a File with the SPC The SPC can generate different types of configuration files by using different types of encryption. • Generic, non-targeted CFG file, without an explicit key • Targeted (--target option), also encrypts the CFG file without an explicit key, but uses the MAC address of the target IP Telephony device, and only that device can decode it • Explicit key-based encryption of the CFG file. Generic A generic, non-targeted CFG file is accepted as valid by any IP Telephony device that resyncs to it. The following command generates a basic CFG file: spc spa962.txt spa962.cfg This example compiles the plain-text spa962.txt file into the binary spa962.cfg file understood by the SPA962. The --scramble option performs encryption that does not require the explicit transmission of a key to the target device. It requires one randomizing argument. For example, spc --scramble SomeSecretPhrase spa962.txt spa962.cfg The resulting encrypted spa962.cfg is accepted as valid by any IP Telephony device that resyncs to it. Cisco Small Business IP Telephony Devices Provisioning Guide 35