Yealink Configuration Encryption Tool User Manual

Yealink Configuration Encryption Tool User Guide

SOFTWARE LICENSE AGREEMENT

SOFTWARE LICENSE AGREEMENT FOR YEALINK CONFIGURATION CONVERSION TOOL IS IMPORTANT. PLEASE READ THIS LICENSE AGREEMENT CAREFULLY BEFORE CONTINUING WITH THIS PROGRAM: YEALINK NETWORK TECHNOLOGY CO., LTD Software License Agreement (SLA) is a legal agreement between you (either an individual or a single entity) and Yealink Network Technology CO., LTD. For the Yealink software product(s) identified above which may include associated software components, media, printed materials, and “online” or electronic documentation ("SOFTWARE PRODUCT"). By installing, copying, or otherwise using the SOFTWARE PRODUCT, you agree to be bound by the terms of this SLA. This license agreement represents the entire agreement concerning the program between you and Yealink Network Technology CO., LTD., (referred to as "licenser"), and it supersedes any prior proposal, representation, or understanding between the parties. If you do not agree to the terms of this SLA, do not install or use the SOFTWARE PRODUCT.

The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is licensed, not sold.

COPYRIGHT

All title, including but not limited to copyrights, in and to the SOFTWARE PRODUCT and any copies thereof are owned by Yealink Network Technology CO., LTD. or its suppliers. All title and intellectual property rights in and to the content which may be accessed through use of the SOFTWARE PRODUCT is the property of the respective content owner and may be protected by applicable copyright or other intellectual property laws and treaties. This EULA grants you no rights to use such content. All rights not expressly granted are reserved by Yealink Network Technology CO., LTD.

WARRANTIES

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS GUIDE ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS GUIDE ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF PRODUCTS.

YEALINK NETWORK TECHNOLOGY CO., LTD. MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS GUIDE, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Yealink Network Technology CO., LTD. shall not be liable for errors contained herein nor for incidental or consequential damages in connection with the furnishing, performance, or use of this guide.

Yealink Configuration Encryption Tool User Guide

About This Guide

Configuration files contain sensitive information such as user accounts, login passwords or registration information. To protect sensitive information from tampering, you must encrypt configuration files. Yealink provides tools for encrypting configuration files on Windows platform and Linux platform respectively. You can ask the distributor or the Yealink Field Application Engineer for these tools, or you can download them online:

http://support.yealink.com/documentFront/forwardToDocumentFrontDisplayPage.

This guide provides detailed information on how to encrypt configuration files using Yealink-supplied encryption tools, and how to deploy phones using these encrypted configuration files. The information applies to MP58, MP58-WH, MP56, MP54, T58A, T56A, T55A, T48S, T46S, T42S and T41S Skype for Business phones running firmware version 9 or later and CP960 Skype for Business phones running firmware version 8.

Introduction

The encryption tool encrypts plaintext <y0000000000xx>.cfg and <MAC>.cfg files (one by one or in batch) using 16-character symmetric keys (the same or different keys for configuration files) and generates encrypted configuration files with the same file name as before. This tool also encrypts the plaintext 16-character symmetric keys using a fixed key, which is the same as the one built in the phone, and generates new files named as <xx_Security>.enc (xx indicates the name of the configuration file, for example, y000000000066_Security.enc for y000000000066.cfg file). This tool generates another new file named as Aeskey.txt storing the plaintext 16-character symmetric keys for each configuration file.

For the security reasons, administrator should upload encrypted configuration files, <y0000000000xx_Security>.enc and/or <MAC_Security>.enc files to the root directory of the provisioning server. During auto provisioning, the phone requests to download <y0000000000xx>.cfg file first. If the downloaded configuration file is encrypted, the phone will request to download <y0000000000xx_Security>.enc file (if enabled) and decrypt it into the plaintext key (e.g., key2) using the built-in key (e.g., key1). Then the phone decrypts <y0000000000xx>.cfg file using key2. After decryption, the phone resolves configuration files and updates configuration settings onto the phone system. The way the phone processes the <MAC>.cfg file is the same to that of the<y0000000000xx>.cfg file.

Configuration Encryption Tool on Windows Platform

This tool supports Microsoft Windows XP and Windows 7 (both 32-bit and 64-bit) system.

1

Yealink Configuration Encryption Tool User Guide

To encrypt configuration files:

1.Double click “Config_Encrypt_Tool.exe” to start the application tool. The screenshot of the main page is shown as below:

When you start the application tool, a file folder named “Encrypted” is created automatically in the directory where the application tool is located.

2.Click Browse to locate configuration file(s) (e.g., y000000000066.cfg) from your local system in the Select File(s) field.

To select multiple configuration files, you can select the first file and then press and hold the Ctrl key and select the next files.

3.(Optional.) Click Browse to locate a target directory from your local system in the Target Directory field.

The tool uses the file folder “Encrypted” as the target directory by default.

4.(Optional.) Mark the desired radio box in the AES Model field.

If you mark the Manual radio box, you can enter an AES key in the AES KEY field or click Re-Generate to generate an AES key in the AES KEY field. The configuration file(s) will be encrypted using the AES key in the AES KEY field.

If you mark the Auto Generate radio box, the configuration file(s) will be encrypted using random AES key. The AES keys of configuration files are different.

Note AES keys must be 16 characters and the supported characters contain: 0 ~ 9, A ~ Z, a ~ z and the following special characters are also supported: # $ % * + , - . : = ? @ [ ] ^ _ { } ~.

2