...
The XML configuration file could be encrypted using AES-128-CBC using algorithm.
You could encrypt the cfgMAC.xml file using a key that contains 16 characters, the valid character is openssl.
The supported algorithm is AES-128-CBC. The parameter iv
is fixed 0B1E1D000F0B07091D1F04071F1E0407
, and the valid key (parameter K
) could contain 16 characters in [0 - 9, A - F].
There is an example.
Code Block | ||
---|---|---|
| ||
openssl enc -aes-128-cbc -K 001FC1BC -iv 0B1E1D000F0B07091D1F04071F1E0407 -in cfg001fc11e5105.xml -out cfg001fc11e5105b.xml |
The encryption key is defined in P8631 (Management->Auto Provision->Set Common AES Key) of the configuration file.
The Password length is from 1-16, and password must be [ 0-9, A-F]
THE SHARED IV: 0B1E1D000F0B07091D1F04071F1E0407
The OpenSSL command-line to encrypt the file is as follows:
Openssl enc –e –aes-128-cbc –K <password>-iv 0B1E1D000F0B07091D1F04071F1E0407 –in cfg.xml –out cfgxxxxxxxxxxxx.xml
When the XML configuration file is encrypted in this method, Phone would only be able to decrypt and parse the file if user set the XML Config File Password in P8631 of binary configuration file or in the web UI.
Detailed steps:
Step 1: Login webpage, click Management→Configuration, download cfg.xml file, then run, input "Openssl enc –e –aes-128-cbc –K <password>-iv 0B1E1D000F0B07091D1F04071F1E0407 –in cfg.xml –out Cfgxxxxxxxxxxxx.xml" (xxxxxxxxxxxx is the MAC address)
THE SHARED IV: 0B1E1D000F0B07091D1F04071F1E0407
Step 2: Put the Cfgxxxxxxxxxxxx.xml under upgrade server path
Step 3: You must set the AES Key: Management→Auto Provision: AES Key:
After you encrypt the cfgMAC file, you need to enable Authenticate Cfg File
and set a common AES key to let the phone could decrypt the file. In the above case, you should set it as 001FC1BC
.
You could find this setting on webpage → Management → Auto Provision → Set Common AES Key. (P-Code is P8631)
4. Customize Resource Files
...