Configuring Security Features433For security reasons, administrator should upload encrypted configuration files,.enc and/or .enc files to the root directoryof the provisioning server. During auto provisioning, the IP phone requests to download.cfg file first. If the downloaded configuration file is encrypted, the IPphone will request to download .enc file (if enabled) anddecrypt it into the plaintext key (e.g., key2) using the built-in key (e.g., key1). Then the IPphone decrypts .cfg file using key2. After decryption, the IP phoneresolves configuration files and updates configuration settings onto the IP phonesystem.The way the IP phone processes the .cfg file is the same to that ofthe.cfg file.Procedure to Encrypt Configuration FilesTo encrypt the .cfg file:1. Double click “Config_Encrypt_Tool.exe” to start the application tool.The screenshot of the main page is shown as below:When you start the application tool, a file folder named “Encrypted” is createdautomatically in the directory where the application tool is located.2. Click Browse to locate configuration file(s) (e.g., y000000000044.cfg) from yourlocal system in the Select File(s) field.To select multiple configuration files, you can select the first file and then press andhold the Ctrl key and select the next files.3. (Optional.) Click Browse to locate the target directory from your local system in theTarget Directory field.The tool uses the file folder “Encrypted” as the target directory by default.4. (Optional.) Mark the desired radio box in the AES Model field.If you mark the Manual radio box, you can enter an AES key in the AES KEY field orclick Re-Generate to generate an AES key in the AES KEY field. The configurationfile(s) will be encrypted using the AES key in the AES KEY field.If you mark the Auto Generate radio box, the configuration file(s) will be encrypted
