Cisco SPA2102-AU Provisioning Guide - Page 31
Configuration File Compression, File Encryption - replacement
View all Cisco SPA2102-AU manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 31 highlights
Chapter 2 Creating Provisioning Scripts Open Format Configuration File Configuration File Compression Optionally, the XML configuration profile can be compressed to reduce the network load on the provisioning server. The supported compression method is the gzip deflate algorithm (RFC1951). The gzip utility and a compression library that implements the same algorithm (zlib) are readily available from Internet sites. To identify when compression is applied, the SPA expects the compressed file to contain a gzip compatible header, as generated by invoking the gzip utility on the original XML file. For example, if profile.xml is a valid profile, the file profile.xml.gz is also accepted. This example be generated with either of the following commands: Example 2-7 Compressing the Configuration Profile # first invocation, replaces original file with compressed file: gzip profile.xml # second invocation, leaves original file in place, produces new compressed file: cat profile.xml | gzip > profile.xml.gz The SPA inspects the downloaded file header to determine the format of the file. The choice of file name is not significant and any convention that is convenient for the service provider can be used. File Encryption An XML configuration profile can be encrypted using symmetric key encryption, whether or not it is already compressed. The supported encryption algorithm is the American Encryption Standard (AES), using 256-bit keys, applied in cipher block chaining mode. Note Compression must precede encryption for the SPA to recognize a compressed and encrypted XML profile. First generate the XML, then compress with gzip, and finally encrypt. The OpenSSL encryption tool, available for download from various Internet sites, can be used to perform the encryption. Note that support for 256-bit AES encryption may require recompilation of the tool (so as to enable the AES code). The SPA firmware has been tested against version openssl-0.9.7c. If encrypted, the profile expects the file to have the same format as generated by the following command: Version 3.0 Linksys SPA Provisioning Guide 2-5