I'm trying to make ITSP Provisioning work with encrypted configuration files. And so far it looks like it doesn't work at all. My experience:
1. ITSP Provisioning using TFTP server and plain text configuration file works.
2. When I try to set configuration with the same (but now encrypted) configuration file - OBi doesn't accept settings.
I'm using direct instructions from
OBi Device Provisioning Guide{PDF} and my steps are:
1. Change one line and add into configuration file two new parameters:
<ParameterValueStruct>
<Name>ConfigURL</Name>
<Value>SYNC -A=aes -K=$SPRM0 -IV=$SPRM1 tftp://host/OBi.xml.en</Value>
</ParameterValueStruct>
<P>
<N X_UA="noAccess">SPRM0</N>
<V>000102030405060708090a0b0c0d0e0f</V>
</P>
<P>
<N X_UA="noAccess">SPRM1</N>
<V>00102030405060708090a0b0c0d0e0f0</V>
</P>2. Encode configuration file using this command:
openssl enc -aes-128-cbc -K 000102030405060708090a0b0c0d0e0f -iv 00102030405060708090a0b0c0d0e0f0 -in OBi.xml -out OBi.xml.en3. Restore configuration from this file (set up auto provisioning from TFTP server):
<?xml version="1.0" encoding="UTF-8"?>
<!-- Setting encryption for auto provisioning -->
<ParameterList>
<O>
<N>X_DeviceManagement.ITSPProvisioning.</N>
<P>
<N X_UA="noAccess">ConfigURL</N>
<V>SYNC -A=aes -K=$SPRM0 -IV=$SPRM1 tftp://host/OBi.xml.en</V>
</P>
<P>
<N X_UA="noAccess">SPRM0</N>
<V>000102030405060708090a0b0c0d0e0f</V>
</P>
<P>
<N X_UA="noAccess">SPRM1</N>
<V>00102030405060708090a0b0c0d0e0f0</V>
</P>
</O>
</ParameterList>After reboot, OBi takes new configuration file from TFTP server (I see that from logs of that TFTP server). But there is no change in its configuration. Perhaps it can't decode the file.
Documentation says, that SYNC script returns value in
TPRM0 variable. In my case it's always = 0 (which means, accordingly to the documentation, an error). But it's always = 0 even if I upload new plain text configuration file and its configuration changes accordingly. So, I guess OBi has a bug here and it doesn't provide actual error code via that variable anyway...
Did anyone have a success in uploading encrypted configuration file to OBi100 device?
How do you do that? And what's wrong with those simple steps, mentioned above?