• Numeric character escapes, using decimal and hexadecimal values (s.a. ( and .), are translated.
• The phone firmware only supports ASCII characters.
Open Profile (XML) Compression and Encryption
The Open configuration profile can be compressed to reduce the network load on the provisioning server.
The profile can also be encrypted to protect confidential information. Compression is not required, but it must
precede encryption.
Open Profile Compression
The supported compression method is the gzip deflate algorithm (RFC1951). The gzip utility and the
compression library that implements the same algorithm (zlib) are available from Internet sites.
To identify compression, the phone expects the compressed file to contain a gzip compatible header. Invocation
of the gzip utility on the original Open profile generates the header. The phone inspects the downloaded file
header to determine the file format.
For example, if profile.xml is a valid profile, the file profile.xml.gz is also accepted. Either of the following
commands can generate this profile type:
• >gzip profile.xml
Replaces original file with compressed file.
• >cat profile.xml | gzip > profile.xml.gz
Leaves original file in place, produces new compressed file.
A tutorial on compression is provided in the Compress an Open Profile with Gzip, on page 63 section.
Open Profile Encryption
Symmetric key encryption can be used to encrypt an open configuration profile, whether the file is compressed
or not. Compression, if applied, must be applied before encryption.
The provisioning server uses HTTPS to handle initial provisioning of the phone after deployment.
Pre-encrypting configuration profiles offline allows the use of HTTP for resyncing profiles subsequently.
This reduces the load on the HTTPS server in large-scale deployments.
The phone supports two methods of encryption for configuration files:
• AES-256-CBC encryption
• RFC 8188-based HTTP content encryption with AES-128-GCM ciphering
The key or Input Keying Material (IKM) must be preprovisioned into the unit at an earlier time. Bootstrap of
the secret key can be accomplished securely by using HTTPS.
The configuration file name does not require a specific format, but a file name that ends with the .cfg
extension normally indicates a configuration profile.
Cisco IP Phone 8800 Series Multiplatform Phone Administration Guide for Release 11.3(1) and Later
81
Cisco IP Phone Provisioning
Open Profile (XML) Compression and Encryption
To Next Page
Loading...
Need help?
General
