Yealink Configuration Encryption Tool User Manual

Yealink Configuration Encryption Tool User Guide

SOFTWARE LICENSE AGREEMENT

SOFTWARE LICENSE AGREEMENT FOR YEALINK CONFIGURATION CONVERSION TOOL IS

IMPORTANT. PLEASE READ THIS LICENSE AGREEMENT CAREFULLY BEFORE CONTINUING

WITH THIS PROGRAM: YEALINK NETWORK TECHNOLOGY CO., LTD Software License Agreement

(SLA) is a legal agreement between you (either an individual or a single entity) and Yealink Network

Technology CO., LTD. For the Yealink software product(s) identified above which may include

associated software components, media, printed materials, and “online” or electronic documentation

("SOFTWARE PRODUCT"). By installing, copying, or otherwise using the SOFTWARE PRODUCT, you

agree to be bound by the terms of this SLA. This license agreement represents the entire agreement

concerning the program between you and Yealink Network Technology CO., LTD., (referred to as

"licenser"), and it supersedes any prior proposal, representation, or understanding between the parties. If

you do not agree to the terms of this SLA, do not install or use the SOFTWARE PRODUCT.

The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties, as well

as other intellectual property laws and treaties. The SOFTWARE PRODUCT is licensed, not sold.

COPYRIGHT

All title, including but not limited to copyrights, in and to the SOFTWARE PRODUCT and any copies

thereof are owned by Yealink Network Technology CO., LTD. or its suppliers. All title and intellectual

property rights in and to the content which may be accessed through use of the SOFTWARE PRODUCT

is the property of the respective content owner and may be protected by applicable copyright or other

intellectual property laws and treaties. This EULA grants you no rights to use such content. All rights not

expressly granted are reserved by Yealink Network Technology CO., LTD.

WARRANTIES

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS GUIDE ARE

SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND

RECOMMENDATIONS IN THIS GUIDE ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED

WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL

RESPONSIBILITY FOR THEIR APPLICATION OF PRODUCTS.

YEALINK NETWORK TECHNOLOGY CO., LTD. MAKES NO WARRANTY OF ANY KIND WITH

REGARD TO THIS GUIDE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Yealink Network Technology

CO., LTD. shall not be liable for errors contained herein nor for incidental or consequential damages in

connection with the furnishing, performance, or use of this guide.

About This Guide

Configuration files contain sensitive information such as user accounts, login passwords or

registration information. To protect sensitive information from tampering, you must encrypt

configuration files. Yealink provides tools for encrypting configuration files on Windows

platform and Linux platform respectively. You can ask the distributor or the Yealink Field

Application Engineer for these tools, or you can download them online:

http://support.yealink.com/documentFront/forwardToDocumentFrontDisplayPage.

This guide provides detailed information on how to encrypt configuration files using

Yealink-supplied encryption tools, and how to deploy phones using these encrypted

configuration files. The information applies to MP58, MP58-WH, MP56, MP54, T58A, T56A,

T55A, T48S, T46S, T42S and T41S Skype for Business phones running firmware version 9

or later and CP960 Skype for Business phones running firmware version 8.

Introduction

Yealink Configuration Encryption Tool User Guide

The encryption tool encrypts plaintext <y0000000000xx>.cfg and <MAC>.cfg files (one by one

or in batch) using 16-character symmetric keys (the same or different keys for configuration

files) and generates encrypted configuration files with the same file name as before. This tool

also encrypts the plaintext 16-character symmetric keys using a fixed key, which is the same

as the one built in the phone, and generates new files named as <xx_Security>.enc (xx

indicates the name of the configuration file, for example, y000000000066_Security.enc for

y000000000066.cfg file). This tool generates another new file named as Aeskey.txt storing the

plaintext 16-character symmetric keys for each configuration file.

For the security reasons, administrator should upload encrypted configuration files,

<y0000000000xx_Security>.enc and/or <MAC_Security>.enc files to the root directory of the

provisioning server. During auto provisioning, the phone requests to download

<y0000000000xx>.cfg file first. If the downloaded configuration file is encrypted, the phone will

request to download <y0000000000xx_Security>.enc file (if enabled) and decrypt it into the

plaintext key (e.g., key2) using the built-in key (e.g., key1). Then the phone decrypts

<y0000000000xx>.cfg file using key2. After decryption, the phone resolves configuration files

and updates configuration settings onto the phone system. The way the phone processes the

<MAC>.cfg file is the same to that of the<y0000000000xx>.cfg file.

Configuration Encryption Tool on Windows Platform

This tool supports Microsoft Windows XP and Windows 7 (both 32-bit and 64-bit) system.

1

Yealink Configuration Encryption Tool User Guide

2

To encrypt configuration files:

1. Double click “Config_Encrypt_Tool.exe” to start the application tool.

The screenshot of the main page is shown as below:

When you start the application tool, a file folder named “Encrypted” is created

automatically in the directory where the application tool is located.

2. Click Browse to locate configuration file(s) (e.g., y000000000066.cfg) from your local

system in the Select File(s) field.

To select multiple configuration files, you can select the first file and then press and

hold the Ctrl key and select the next files.

3. (Optional.) Click Browse to locate a target directory from your local system in the Target

Directory field.

The tool uses the file folder “Encrypted” as the target directory by default.

4. (Optional.) Mark the desired radio box in the AES Model field.

If you mark the Manual radio box, you can enter an AES key in the AES KEY field or click

Re-Generate to generate an AES key in the AES KEY field. The configuration file(s) will

be encrypted using the AES key in the AES KEY field.

If you mark the Auto Generate radio box, the configuration file(s) will be encrypted using

random AES key. The AES keys of configuration files are different.

Note

AES keys must be 16 characters and the supported characters contain: 0 ~ 9, A ~ Z, a ~ z and the
following special characters are also supported: # $ % * + , - . : = ? @ [ ] ^ _ { } ~.