Linksys SPA921 Cisco Small Business IP Telephony Devices Provisioning Guide - Page 80

Profile Encryption



Provisioning Tutorial
Profile Formats
Upon resync, the new file is downloaded by the IP Telephony Device and used to
update its parameters.
The file size of such a small profile is not reduced by gzip. Compression is only
useful with larger profiles.
For integration into customized back-end provisioning server solutions, the open
source zlib compression library can be used in place of the standalone gzip utility
to perform the profile compression. However, the IP Telephony Device expects the
file to contain a valid gzip header.
Profile Encryption
A compressed or uncompressed profile can be encrypted. This is useful when the
confidentiality of the profile information is of particular concern, such as when
using TFTP or HTTP for communication between the IP Telephony Device and the
provisioning server.
The IP Telephony Device supports symmetric key encryption using the 256-bit
AES algorithm. This encryption can be performed using the open source
OpenSSL package.
Exercise
STEP 1
Install OpenSSL on a local PC.
This may require recompilation to enable the AES code.
STEP 2
Starting from the XML profile in basic.txt, generate an encrypted file with the
following command:
openssl enc -aes-256-cbc -k MyOwnSecret -in basic.txt -out basic.cfg
The compressed basic.txt.gz file could be used instead because the XML profile
can be both compressed and encrypted.
STEP 3
Store the encrypted file basic.cfg in the TFTP server virtual root directory.
STEP 4
Modify the Profile_Rule on the test device to resync to the encrypted file in place
of the original XML file. The encryption key is made known to the IP Telephony
Device with the following URL option:
[--key MyOwnSecret ] tftp://192.168.1.200/basic.cfg
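
The exercise above as a script that combines the gzip and encryption steps and checks that the output decrypts back to the original profile (an added example, not part of the Cisco guide). The sample profile contents, the key file, the function names and the DIGEST setting are assumptions; the passphrase is read from a file with -pass instead of -k so that it does not appear on the command line.

```shell
#!/bin/sh
# Added example (not from the guide): gzip, then AES-256-CBC, then verify.
# DIGEST is the key-derivation hash for `openssl enc`; OpenSSL 1.1.0 changed
# its default from MD5 to SHA-256. Which one the device firmware expects is
# not stated on the page, so the value here is an assumption to verify.
DIGEST="${DIGEST:-sha256}"

# encrypt_profile IN OUT KEYFILE: compress IN and encrypt the result to OUT.
# The passphrase comes from KEYFILE's first line, so it stays out of `ps`.
encrypt_profile() {
    gz=$(mktemp) || return 1
    gzip -c "$1" > "$gz" &&
        openssl enc -aes-256-cbc -md "$DIGEST" -pass "file:$3" -in "$gz" -out "$2"
    rc=$?
    rm -f "$gz"
    return $rc
}

# decrypt_profile IN KEYFILE: write the recovered XML to stdout.
decrypt_profile() {
    openssl enc -d -aes-256-cbc -md "$DIGEST" -pass "file:$2" -in "$1" | gzip -dc
}

# has_salt_header FILE: true if FILE starts with the "Salted__" magic that
# `openssl enc` writes ahead of the ciphertext in passphrase mode.
has_salt_header() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# verify_profile PLAIN ENC KEYFILE: true only if ENC decrypts back to PLAIN.
verify_profile() {
    decrypt_profile "$2" "$3" 2>/dev/null | cmp -s - "$1"
}

# Round trip on a constructed sample profile and key file.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    printf '<flat-profile>\n<GPP_A>example</GPP_A>\n</flat-profile>\n' > "$dir/basic.txt"
    (umask 077; printf 'MyOwnSecret\n' > "$dir/key.txt")
    encrypt_profile "$dir/basic.txt" "$dir/basic.cfg" "$dir/key.txt" 2>/dev/null &&
        has_salt_header "$dir/basic.cfg" &&
        verify_profile "$dir/basic.txt" "$dir/basic.cfg" "$dir/key.txt"
    rc=$?
    rm -rf "$dir"
    return $rc
}

roundtrip_demo && echo "round trip OK"
```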