In addition, the XML provisioning implementation may also allow generic XML configuration file on top of the MAC based configuration file. Note: Currently, XML provisioning is supported on the following Grandstream products: • GXV3140 IP Multimedia Phone • GXV3175 IP Multimedia Phone • GXP21XX/GXP14XX Enterprise IP phones • HT50X Analog Telephone Adapters • GXW40XX FXS Analog IP Gateways Provisioning Flow Figure 1: Provisioning Flow. The provision program on the phone will apply and reload the settings after downloading the legacy binary cfgMAC config file. This means that a provision/re-direction server can redirect the device to a XML provision server without reboot. It can also be used to send the XML encryption password. XML SCHEMA AND EXAMPLE FILE The general XML syntax consists of a list of name-value pairs. P-Value is the element and the value of the element is represents the value for that particular configuration that the corresponding P-Value represents. For the complete P-value list, please refer to the legacy configuration templates at Example XML configuration file (cfgxxxxxxxxxxxx.xml): Grandstream Networks, Inc. XML Provisioning Guide Page 3 of 5 Last Updated: 7/2011 Innovât ra« IP Voie« A VVMo 000b821234560Account name The mac element is not mandatory. It is designed this way because not all provision systems support MAC address. If it is present, the provision program will validate the mac element with the actual MAC address on the device. XML File Encryption The XML configuration file may be encrypted using AES-256-CBC algorithm. The encryption password is defined in P1359 (XML Config File Password) of the configuration file. The encryption may use salt to enhance security. The algorithm to derive the key and IV from a password is the same as the one used by OpenSSL: The OpenSSL command-line to encrypt the file is as follows: Openssl enc -e -aes-256-cbc -k password -in config.xml -out cfgxxxxxxxxxxxx.xml Alternatively, users can also set the XML Config File Password in the web UI of the phone. Upgrade Lock Keypad for Update : XML Config File Password : HTTP/HTTPS User Name: HTTP/HTTPS Password : Upgrade Via: Firmware Server Path : Config Server Path : TYes HTTP fw.ipvid eotalk.com/gs fm.grandstream.com/gs Figure 2: Using web UI to define the XML Configuration File Password When the XML configuration file is encrypted using this method, the phone would only be able to decrypt and parse the file if user set the XML Config File Password in P1349 of binary configuration file or in the web UI. Grandstream Networks, Inc. XML Provisioning Guide Page 4 of 5 Last Updated: 7/2011 Qrandstream knnovatn« IP Vote* A VkJ*o Secure Provisioning Although the XM...