Grandstream Networks, Inc.
XML Provisioning Guide
GXV3140/GXV3175 IP Multimedia Phone
GXV21XX/GXP14XX Enterprise IP Phone
HT50x Analog Telephone Adapters
GXW40xx FXS Analog IP Gateways
OVERVIEW
The XML provisioning system allows Grandstream phones to perform configuration updates via XML
configuration files. In addition, the XML provisioning implementation may also allow a generic XML
configuration file on top of the MAC-based configuration file.
Note: Currently, XML provisioning is supported on the following Grandstream products:
• GXV3140 IP Multimedia Phone
• GXV3175 IP Multimedia Phone
• GXP21XX/GXP14XX Enterprise IP phones
• HT50X Analog Telephone Adapters
• GXW40XX FXS Analog IP Gateways
PROVISIONING FLOW
[Figure 1: Provisioning Flow. Flowchart boxes: Start provisioning; Request legacy config file cfgMAC; Parse and apply new configurations; Request XML config file cfgMAC.xml; Parse and apply new configurations; Done.]
The provisioning program on the phone applies and reloads the settings after downloading the legacy
binary cfgMAC config file. This means that a provisioning/redirection server can redirect the device to an XML
provisioning server without a reboot. The legacy config file can also be used to send the XML encryption password.
XML SCHEMA AND EXAMPLE FILE
The general XML syntax consists of a list of name-value pairs. Each P-value is an element name, and the
content of the element is the value of the configuration setting that the P-value
represents. For the complete P-value list, please refer to the legacy configuration templates at
Example XML configuration file (cfgxxxxxxxxxxxx.xml):
<?xml version="1.0" encoding="UTF-8" ?>
<gs_provision version="1">
<mac>000b82123456</mac>
<config version="1">
<P271>0</P271>
<P270>Account name</P270>
</config>
</gs_provision>
The mac element is not mandatory, because not all provisioning systems support MAC addresses.
If it is present, the provisioning program validates the mac element against the actual MAC
address of the device.
XML FILE ENCRYPTION
The XML configuration file may be encrypted using the AES-256-CBC algorithm. The encryption password is
defined in P1359 (XML Config File Password) of the configuration file. The encryption may use a salt to
enhance security. The algorithm to derive the key and IV from a password is the same as the one used
by OpenSSL:
The OpenSSL command line to encrypt the file is as follows:
openssl enc -e -aes-256-cbc -k password -in config.xml -out cfgxxxxxxxxxxxx.xml
Alternatively, users can also set the XML Config File Password in the web UI of the phone.
Figure 2: Using web UI to define the XML Configuration File Password
When the XML configuration file is encrypted using this method, the phone can decrypt and parse
the file only if the user has set the XML Config File Password, either in P1359 of the binary
configuration file or in the web UI.
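The key and IV derivation that `openssl enc -k` performs, together with a header check for files staged on the provisioning server, as an added example (not Grandstream's code). Assumptions: the digest is a parameter because this guide does not state which one the firmware expects (`openssl enc` defaulted to MD5 before OpenSSL 1.1.0 and to SHA-256 since), and the function names and sample bytes are constructed for illustration.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte header `openssl enc` writes before the 8-byte salt


def evp_bytes_to_key(password, salt, digest="md5", key_len=32, iv_len=16):
    """Single-iteration EVP_BytesToKey, the derivation behind `openssl enc -k`.

    D1 = H(password || salt), Dn = H(D(n-1) || password || salt).
    Key = first key_len bytes of D1 || D2 || ..., IV = the next iv_len bytes.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def classify_config(blob):
    """Return (kind, salt) for a config file staged on the provisioning server."""
    if blob.startswith(MAGIC) and len(blob) >= 16:
        salt, body = blob[8:16], blob[16:]
        # CBC ciphertext is a non-empty whole number of 16-byte AES blocks.
        if body and len(body) % 16 == 0:
            return "openssl-salted", salt
        return "truncated", salt
    if blob.lstrip().startswith(b"<"):
        return "plaintext-xml", None  # would be served unencrypted
    return "unknown", None  # includes unsalted ciphertext, which has no header


if __name__ == "__main__":
    # Constructed samples: a plaintext config and a dummy salted-file layout.
    salt = bytes(range(8))
    samples = {
        "plain": b'<?xml version="1.0" encoding="UTF-8" ?><gs_provision version="1"/>',
        "salted": MAGIC + salt + b"\x00" * 32,
    }
    for name, blob in samples.items():
        print(name, classify_config(blob))
    # One digest pass per block: key strength rests entirely on the password.
    for digest in ("md5", "sha256"):
        key, iv = evp_bytes_to_key(b"password", salt, digest)
        print(digest, key.hex(), iv.hex())
```

Because the derivation is a single digest pass with no work factor, the password stored in P1359 should be long and random.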
SECURE PROVISIONING
Although the XML config file can be encrypted, and the encryption algorithm itself (AES with a 256-bit
key length) is regarded as safe and strong, the question remains of how to bootstrap and provision the
initial XML encryption password. There are several methods to address this:
1. Use the legacy binary config file to set the initial XML encryption password. The legacy binary file is
encrypted and is generally regarded as safe.
2. Use HTTPS with client-side authentication. This is the industry-standard approach and has
the strongest safety.
Last Updated: 7/2011