User's Manual 312 Document #: LTRT-50614
MP-20x Multimedia Home Gateway
20.4.3 Encrypting the Configuration File using CLI
Encrypted files include the file name extension *.cfx (instead of *.cfg) or *.inx (instead of
*.ini). After the device loads the encrypted file from the HTTP server, it automatically
identifies the encrypted file by its file name extensions *.cfx or *.inx, and subsequently
decrypts the file before saving it to flash memory.
The following procedure describes how to encrypt configuration files.
To encrypt a configuration file:
Run the following CLI shell command (on Linux or Windows PC with OpenSSL
installed):
openssl des3 -in <original file> -out <encrypted file> -k
<password> -S <salt value>
Where,
• <original file> is the original clear-text configuration file (*.cfg or *.ini file).
• <encrypted file> is the output file (an encrypted *.cfx or *.inx file).
• <password> is the password that is used to encrypt the file.
• <salt value> is the 8 bytes of a special key value that is combined with the
password. The format is 16 hexadecimal digits [0-9,A-F].
An example of this command is shown below:
openssl des3 -in c:\temp\try_enc_conf.cfg -out
c:\temp\try_enc_conf.cfx -k MyPassword123456 -S 0123456789ABCDEF
Notes:
• You can choose any <salt value> – the device does not have to know about it.
• A password can be pre-configured in the device, using the following CLI command:
conf set_obscure/rmt_config/password <password>
For example: tftp://1.2.3.4/file
• You can also define the password in a configuration file that you download from the
server.
• If you don’t define a password in the configuration file, a default password is used.
Different default passwords are defined per customer, according to the config-file
url hostname.
To Next Page
Loading...
Need help?
General
