Filter
Top Products
Administrator’s Guide - SoundPoint
®
IP / SoundStation
®
IP Installation and Operation
24 Copyright © 2006 Polycom, Inc.
the encryption is Advanced Encryption Standard (AES) 128 in Cipher Block Chaining
(CBC) mode. An example key would look like this:
Crypt=1;Key-
Desc=companyNameKey1;Key=06a9214036b8a15b512e03d534120006;
It is recommended that all keys have unique descriptive strings in order to allow sim-
ple identification of which key was used to encrypt a file. This makes boot server man-
agement easier.
After encrypting a configuration file, it is useful to rename the file to avoid confusing
it with the original version, for example rename sip.cfg to sip.enc. However, the direc-
tory and override filenames cannot be changed in this manner.
You can check whether an encrypted file is the same as an unencrypted file by:
1. Run the configFileEncrypt utility on the unencrypted file with the "-d" option. This
shows the "digest" field.
2. Look at the encrypted file using WordPad and check the first line that shows
a "Digest=…." field. If the two fields are the same then it is very likely that
the encrypted and unencrypted file are the same.
Note
If a phone downloads an encrypted file that it cannot decrypt, it logs, displays an error message, and
reboots. The phone will continue to do this until the boot server provides an encrypted file, an unen
-
crypted file, or the file is removed from the master configuration file list.
For more information on this feature, refer to 3.8.4 Configuration File Encryption on
page 75.
2.2.3.1 Changing the Key on the Phone
For security purposes, it may be desirable to change the key on the phones and the
server from time to time.
To change a key:
1. Put the new key into a configuration file that is in the list of files downloaded by the
phone (specified in 000000000000.cfg or <Ethernet address>.cfg). Use the
device.sec.configEncryption.key parameter to specify the new key.
2. Manually reboot the phone so that it will download the new key. The phone
will automatically reboot a second time to use the new key.