Cisco SPA2102-AU Provisioning Guide - Page 31

Configuration File Compression, File Encryption - replacement

Get Cisco SPA2102-AU PDF manuals and user guides View all Cisco SPA2102-AU manuals
Add to My Manuals
Save this manual to your list of manuals

Page 31 highlights

Chapter 2 Creating Provisioning Scripts Open Format Configuration File Configuration File Compression Optionally, the XML configuration profile can be compressed to reduce the network load on the provisioning server. The supported compression method is the gzip deflate algorithm (RFC1951). The gzip utility and a compression library that implements the same algorithm (zlib) are readily available from Internet sites. To identify when compression is applied, the SPA expects the compressed file to contain a gzip compatible header, as generated by invoking the gzip utility on the original XML file. For example, if profile.xml is a valid profile, the file profile.xml.gz is also accepted. This example be generated with either of the following commands: Example 2-7 Compressing the Configuration Profile # first invocation, replaces original file with compressed file: gzip profile.xml # second invocation, leaves original file in place, produces new compressed file: cat profile.xml | gzip > profile.xml.gz The SPA inspects the downloaded file header to determine the format of the file. The choice of file name is not significant and any convention that is convenient for the service provider can be used. File Encryption An XML configuration profile can be encrypted using symmetric key encryption, whether or not it is already compressed. The supported encryption algorithm is the American Encryption Standard (AES), using 256-bit keys, applied in cipher block chaining mode. Note Compression must precede encryption for the SPA to recognize a compressed and encrypted XML profile. First generate the XML, then compress with gzip, and finally encrypt. The OpenSSL encryption tool, available for download from various Internet sites, can be used to perform the encryption. Note that support for 256-bit AES encryption may require recompilation of the tool (so as to enable the AES code). The SPA firmware has been tested against version openssl-0.9.7c. If encrypted, the profile expects the file to have the same format as generated by the following command: Version 3.0 Linksys SPA Provisioning Guide 2-5

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
2-5
Linksys SPA Provisioning Guide
Version 3.0
Chapter 2
Creating Provisioning Scripts
Open Format Configuration File
<Speed_Dial_2_2_
ua=”rw”/>
<Speed_Dial_3_2_
ua=”rw”/>
<Speed_Dial_4_2_
ua=”rw”/>
<Speed_Dial_5_2_
ua=”rw”/>
<Speed_Dial_6_2_
ua=”rw”/>
<Speed_Dial_7_2_
ua=”rw”/>
<Speed_Dial_8_2_
ua=”rw”/>
<Speed_Dial_9_2_
ua=”rw”/>
</flat-profile>
Configuration File Compression
Optionally, the XML configuration profile can be compressed to reduce the network load on the
provisioning server. The supported compression method is the gzip deflate algorithm (RFC1951). The
gzip utility and a compression library that implements the same algorithm (zlib) are readily available
from Internet sites.
To identify when compression is applied, the SPA expects the compressed file to contain a gzip
compatible header, as generated by invoking the gzip utility on the original XML file.
For example, if profile.xml is a valid profile, the file profile.xml.gz is also accepted. This example be
generated with either of the following commands:
Example 2-7
Compressing the Configuration Profile
# first invocation, replaces original file with compressed file:
gzip profile.xml
# second invocation, leaves original file in place, produces new compressed file:
cat profile.xml | gzip > profile.xml.gz
The SPA inspects the downloaded file header to determine the format of the file. The choice of file name
is not significant and any convention that is convenient for the service provider can be used.
File Encryption
An XML configuration profile can be encrypted using symmetric key encryption, whether or not it is
already compressed. The supported encryption algorithm is the American Encryption Standard (AES),
using 256-bit keys, applied in cipher block chaining mode.
Note
Compression must precede encryption for the SPA to recognize a compressed and encrypted XML
profile. First generate the XML, then compress with gzip, and finally encrypt.
The OpenSSL encryption tool, available for download from various Internet sites, can be used to
perform the encryption. Note that support for 256-bit AES encryption may require recompilation of the
tool (so as to enable the AES code). The SPA firmware has been tested against version openssl-0.9.7c.
If encrypted, the profile expects the file to have the same format as generated by the following command: