Plantronics + Polycom. Now together as Poly Logo

encrypted provisioning

alekseyr
Occasional Contributor

encrypted provisioning

Hello.

 

After examining Internet and in particular "Quick Tip 67442 When Encrypting Polycom UC Software Configuration Files" I still have several questions.

 

1. Please confirm that there is no way to manually insert a key at the web interface of a device indeed.

2. If no, then you should push it over potentially insecure (since you did not encrypt it yet) Internet channel to make the device know it.

 

Thank you.

 

Message 1 of 8
7 REPLIES 7
alekseyr
Occasional Contributor

Re: encrypted provisioning

Another thing is that the device looses all its settings if it fails to parse a new encrypted config.

Can't it use the previous one (internal) in this case?

 

Thanks

Message 2 of 8
SteffenBaierUK
Polycom Employee & Community Manager

Re: encrypted provisioning

Hello alekseyr,

welcome to the Polycom Community.

The Software Development Kit (SDK) for key generation is only available via Polycom support directly.

 

If part of a configuration file cannot be read the whole configuration gets discarded in order to allow you to sort out your issues rather than applying half of a configuration.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 3 of 8
alekseyr
Occasional Contributor

Re: encrypted provisioning

Hello, Steffen.

 

Thank you for your input.

 

We already have `configFileEncrypt` and starting to use it, but Polycom's concept of ecnrypting is rather confusing.

 

I am reading this article and seems that I can push "device.set", "device.sec.configEncryption.key", and "device.sec.configEncryption.key.set" at any time and this will NOT switch the phone to an encrypted mode.

 

3 questions:

 

  1. Is the statement above correct?
  2. Will the device accept both - plain and encrypted files when the mentioned 3 parameters are passed?
  3. is setting "device.set" to 1 mandatory and can't it affect something else?

Thank you

 

 

 

 

Message 4 of 8
alekseyr
Occasional Contributor

Re: encrypted provisioning

Hi

 

And one more question =)

 

Is it not possible to pass a key in a <MAC>.cfg (a plain file) and an encrypted configuration right after this in <MAC>-web.cfg (or  <MAC>-params.cfg) to do it in one step?

 

I see that the phone gets them one-by-one, but it fails to decript the config.

 

the <MAC>.cfg looks like:



<APPLICATIONAPP_FILE_PATH="sip.ld" CONFIG_FILES="zzzzzzzz-params.cfg" MISC_FILES="" LOG_FILE_DIRECTORY="" OVERRIDES_DIRECTORY="" CONTACTS_DIRECTORY="" LICENSE_DIRECTORY="" USER_PROFILES
_DIRECTORY="" CALL_LISTS_DIRECTORY=""> </APPLICATION>
<polycomConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="polycomConfig.xsd">  
<device device.set = "1" >
<device.sec>
<device.sec.configEncryption
device.sec.configEncryption.key.set = "1"  
device.sec.configEncryption.key = "Crypt=1;KeyDesc=Polycom;Key=93750C736A35F74EF704CEA66CC89049;" /></device.sec></device>
</polycomConfig>

 

Thank you

Message 5 of 8
SteffenBaierUK
Polycom Employee & Community Manager

Re: encrypted provisioning

Hello alekseyr,

You never add any configuration in the master configuration file aka 000000000000.cfg or any <mac>.cfg

 

This file is only used to load files. I suggest you open a ticket with Polycom support directly so they can answer your questions. I have not played with file encryption for at least 6 years.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 6 of 8
alekseyr
Occasional Contributor

Re: encrypted provisioning

2Steffen

 

Thank you.

 

That's odd, since 
http://support.polycom.com/global/documents/support/technical/products/voice/Encrypting_Config_Files...

says you can put it even into 00000000.cfg

 

Polycom support will likely send me to some reseller and I have doubts that it will end positively. 

Message 7 of 8
SteffenBaierUK
Polycom Employee & Community Manager

Re: encrypted provisioning

Hello alekseyr,

The only way to receive support is via a Polycom reseller.

 

In order to receive the SDK you would have already had to do this.

If this is some sort of an Internet discounter please post your phone's MAC address so I can look up who would be able to support you.

 

If you post the above I am able to look up who this is. We do not support end customers directly but we can work with a reseller to support their end customers.

 

Mar 8, 2012 Question: What kind of support should I expect from the Community?
Clarification: Please check => here <=

 

Please read the referenced instructions carefully:

 

  • Create an XML file into which you will place this key and reference the file in your .cfg or 000000000000.cfg master configuration files

Aka within the config_files section you name this file !

 

Please read:

 

Oct 7, 2011 Question: What is the relevance of the 000000000000.cfg or <mac>.cfg?

Resolution: Please check => here <=

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 8 of 8