Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Encryption of configuration files for spa5xx

XML configuration files encrypted with openssl can be decrypted by the phone using the profile rule [--key “TheSuperSecretPhrase”] http://......

The issue is that if a user accesses the web-portal for the phone, he/she can glean TheSuperSecretPhrase through simple inspection.

Why not add an Encryption Key field under the Provisioning tab, which can be used as the Key (perhaps as $EK?).  You could have it as a text field of type "password", i.e., not displayable?

I know, you could use the GPP_S[ABCD] parameters for the same purpose, but the above suggestion has the added advantage of being an end-user editable field (much, *much* easier to do phone resets in the field!)

Mahesh Paolini-Subramanya | CTO | | 703.386.1500 Ext. 9100

2250 Corporate Park Drive | Suite 150 | Herndon, VA |

Check out our Blog | Follow us on Twitter | Refer a Friend

Everyone's tags (3)
CreatePlease to create content