Cisco SPA901-UK Provisioning Guide - Page 37

Creating Provisioning Scripts Encrypting a File with the SPC 2 Targeted The --target option also encrypts the CFG file without the need to explicitly transmit a key, but does so in such a way that only the target IP Telephony device can decode it. Targeted CFG files provide a basic level of security. This command uses the MAC address of the target device as an argument. Refer to the following example: spc --target 000e08aabbcc spa962.txt spa962.cfg This example command uses the MAC address 000e08aabbcc, and only the IP Telephony device with that MAC address is able to decrypt and process the generated spa962.cfg profile. If any other IP Telephony device attempts to resync to this file, the device rejects the file as unreadable. Explicit Key The explicit key-based encryption of the CFG file requires that the key used to encrypt the file be preprovisioned in the target device, so that the file can be decoded. Two algorithms are available for this type of encryption: • RC4 (--rc4) • AES (--aes) The key can be specified either explicitly as a hexadecimal digit sequence (--hexkey) or by hashing a secret phrase (--ascii-key). With the --hex-key option, the key can be up to 256 bits in length. With the --ascii-key option the generated key is 128 bits. The following example commands illustrate explicit key-based encryption: spc --rc4 --ascii-key apple4sale spa962.txt spa962.cfg spc --aes --ascii-key lucky777 spa962.txt spa962.cfg spc --aes --ascii-key "my secret phrase" spa962.txt spa962.cfg spc --aes --hex-key 8d23fe7...a5c29 spa962.txt spa962.cfg Any combination of scrambling, targeting, and explicit-key encrypting can be applied to a CFG file, as shown by the following example: spc --target 000e08aaa010 --aes --ascii-key VerySecret a.txt a.cfg Cisco Small Business IP Telephony Devices Provisioning Guide 36