ITSP Provisioning. Does AES encryption work?
OZOi:
I'm trying to make ITSP Provisioning work with encrypted configuration files. And so far it looks like it doesn't work at all. My experience:
1. ITSP Provisioning using TFTP server and plain text configuration file works.
2. When I try to set the configuration with the same (but now encrypted) configuration file, the OBi doesn't accept the settings.
I'm using the instructions directly from the OBi Device Provisioning Guide (PDF), and my steps are:
1. Change one line and add two new parameters to the configuration file:
<ParameterValueStruct>
<Name>ConfigURL</Name>
<Value>SYNC -A=aes -K=$SPRM0 -IV=$SPRM1 tftp://host/OBi.xml.en</Value>
</ParameterValueStruct>
<P>
<N X_UA="noAccess">SPRM0</N>
<V>000102030405060708090a0b0c0d0e0f</V>
</P>
<P>
<N X_UA="noAccess">SPRM1</N>
<V>00102030405060708090a0b0c0d0e0f0</V>
</P>
2. Encode configuration file using this command:
openssl enc -aes-128-cbc -K 000102030405060708090a0b0c0d0e0f -iv 00102030405060708090a0b0c0d0e0f0 -in OBi.xml -out OBi.xml.en
3. Restore configuration from this file (set up auto provisioning from TFTP server):
<?xml version="1.0" encoding="UTF-8"?>
<!-- Setting encryption for auto provisioning -->
<ParameterList>
<O>
<N>X_DeviceManagement.ITSPProvisioning.</N>
<P>
<N X_UA="noAccess">ConfigURL</N>
<V>SYNC -A=aes -K=$SPRM0 -IV=$SPRM1 tftp://host/OBi.xml.en</V>
</P>
<P>
<N X_UA="noAccess">SPRM0</N>
<V>000102030405060708090a0b0c0d0e0f</V>
</P>
<P>
<N X_UA="noAccess">SPRM1</N>
<V>00102030405060708090a0b0c0d0e0f0</V>
</P>
</O>
</ParameterList>
After reboot, the OBi fetches the new configuration file from the TFTP server (I see that in the logs of that TFTP server). But there is no change in its configuration. Perhaps it can't decode the file.
The documentation says that the SYNC script returns a value in the TPRM0 variable. In my case it's always = 0 (which means, according to the documentation, an error). But it's always = 0 even if I upload a new plain text configuration file and its configuration changes accordingly. So, I guess the OBi has a bug here and it doesn't provide the actual error code via that variable anyway...
Has anyone had success uploading an encrypted configuration file to an OBi100 device?
How do you do that? And what's wrong with the simple steps mentioned above?
InetUser:
http://www.dslreports.com/forum/r28068374-Provisioning-of-the-OBi100-110-202-Made-Easy-
QBZappy:
OZOi,
Aren't you and Ron buddy buddies? Didn't he give you a heads up on this? (/LOL)
That's another nail in the coffin for the OBiTALK portal. Let's look at it another way. This tool opens up the market for a whole new class of potential OBi users. I think that the OBi is officially a "Prosumer" class ATA.
It's not clear what the relationship is between RonR and obihai, or even if Ron's efforts are helping or hindering the OBi. In any event as a consumer of the product I'm thrilled to see 3rd party development of this product (with or without the blessing of obihai). I find it interesting to note that I suspect RonR has steered, dare I say "commandeered", the marketing of this product in an unintended direction. I may one day write a book about this. There have been so many twists and turns in the development of this product. I hang around just to see what develops.
It may seem like an effort to "stick it to the man", however there is no harm done. In fact his work enhances what is already a great product. It is a clear case of "more power to the people", compliments of the one man crusader RonR.
QBZappy:
Quote from: InetUser on March 04, 2013, 08:10:05 pm
http://www.dslreports.com/forum/r28068374-Provisioning-of-the-OBi100-110-202-Made-Easy-
Huh... InetUser? RonR is that you? Sorry but the timing of your post is too funny to ignore. (/LOL)
OZOi:
It looks like there is nothing wrong with the simple way to make encrypted provisioning work, except one thing (and it's very important!): the .XML file size must be a multiple of 16. I've made a couple of tests (making sure this requirement is satisfied) and so far it's working. I'll need to make more tests, though, to reach a final conclusion. Thanks to the BBR forum and particularly to its member @Trev for that suggestion.
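The fix described in the last post, as an added example that is not part of the original thread: a shell helper that pads the plain-text XML to a multiple of 16 bytes and then runs the same openssl command from the first post. The function names and the choice of trailing spaces as padding are assumptions; the thread only states that the file size must be a multiple of 16.

```shell
#!/bin/sh
# Added example (not from the thread): align an OBi provisioning file to the
# 16-byte AES block size before encrypting it with the thread's openssl command.
BLOCK=16

# file_size FILE: print the size of FILE in bytes.
file_size() { wc -c < "$1" | tr -d ' '; }

# pad_to_block SRC DST: copy SRC to DST and append spaces until the size of DST
# is a multiple of 16. Whitespace after the root element is legal XML, so the
# parsed configuration is unchanged (padding with spaces is an assumption).
pad_to_block() {
    src=$1; dst=$2
    size=$(file_size "$src") || return 1
    cp "$src" "$dst" || return 1
    rem=$((size % BLOCK))
    [ "$rem" -eq 0 ] && return 0
    i=0
    while [ "$i" -lt $((BLOCK - rem)) ]; do
        printf ' '
        i=$((i + 1))
    done >> "$dst"
}

# encrypt_config SRC DST KEY_HEX IV_HEX: pad SRC, encrypt it with AES-128-CBC
# exactly as in the thread, then decrypt again to confirm the round trip.
encrypt_config() {
    padded="$1.padded"
    pad_to_block "$1" "$padded" || return 1
    openssl enc -aes-128-cbc -K "$3" -iv "$4" -in "$padded" -out "$2" || return 1
    openssl enc -d -aes-128-cbc -K "$3" -iv "$4" -in "$2" | cmp -s - "$padded"
}

# Usage: sh pad_encrypt.sh OBi.xml OBi.xml.en <key-hex> <iv-hex>
# The key and IV must match the SPRM0 and SPRM1 values provisioned on the device.
if [ "$#" -eq 4 ]; then
    encrypt_config "$@" && echo "encrypted $(file_size "$1.padded") padded bytes into $2"
fi
```

The key and IV shown in the thread are sequential sample values; a deployment needs its own random ones, and passing them with -K and -iv exposes them in the process list and shell history of the machine doing the encryption.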