Howto:Encrypt or Decrypt PBX user passwords: Difference between revisions
mNo edit summary |
|||
| Line 54: | Line 54: | ||
</pre> | </pre> | ||
The '''PBX password''' | The '''PBX password''' in this case is "pwd". We need it in binary form here: 707764.<br> | ||
Use rc4.exe to decrypt the '''PBX key''': | Use rc4.exe to decrypt the '''PBX key''': | ||
<pre> | <pre> | ||
Revision as of 11:31, 11 October 2007
Applies To
This information applies to
- IP 6000, V6
- IP 3000, V6
- IP 800, V6
- and all other PBXs
Abstract
Passwords of user objects in the PBX are saved in encrypted form in order to ensure confidentiality.
Sometimes it could be necessary to create user objects automatically without using the PBX's web gui.
Problem Details
The password attribute of an user object must be written encrypted, while all other attributes are plain text.
Example:
mod cmd FLASHDIR0 add-item 101 (cn=Venus) (pbx=<user filter="normal" cd-filter="normal" busy-in="65535" pwd="a50c0b9263f673a778f671fbf9e4358c"/>) (node=root) (loc=.) (e164=224) (h323=venus)
The user password needs to be encrypted using the PBX key.
The PBX key is automatically generated during activation of the PBX.
The PBX key can be found inside the _ADMIN_ object in encrpted form.
The PBX key is encrypted using the PBX password.
The PBX password has been configured by the administrator during activation of the PBX.
System Requirements
In order to manually generate PBX's user object with passwords:
- you need to know the PBX password
- you need the encrypted PBX key
- you need the encryption/decryption tool rc4.exe
Usage
Getting the PBX key
First Step is getting the PBX key by decryting the key attribute of the _ADMIN_ object:
mod cmd FLASHDIR0 add-item 101 (cn=_ADMIN_) (h323=pbx-admin) (pbx=<filter name="normal"/>) (pbx=<filter name="unknown"/>) (pbx=<user pwd="a61e0ce0068273a778f671fbf9e4358c" key="566e2a2f1d259e4136046d5cbacaea9f"/>)
The PBX password in this case is "pwd". We need it in binary form here: 707764.
Use rc4.exe to decrypt the PBX key:
rc4.exe -d 707764 566e2a2f1d259e4136046d5cbacaea9f -> 7e6236c35d119afe62c0fd398d6f6175
The decrypted PBX key is 7e6236c35d119afe62c0fd398d6f6175.
Encryting the user password
With the decrypted PBX key in hand you can start encrypting user passwords.
In this case we want to encrypt the passwort "secret":
rc4.exe -e 7e6236c35d119afe62c0fd398d6f6175 secret -> a50c0b9263f673a778f671fbf9e4358c
The encrypted user password is a50c0b9263f673a778f671fbf9e4358c.
This can be used to form a new (or update an existing) user object.
Notes
Do not mix-up the PBX password with the admin password!
The admin password is used together with the admin username to get access to the config gui of the device.
The admin username and password are set by default to "admin" and "ipxxxx" (depending on your device type).
The PBX password in opposite must always be configured manually during activation of the PBX.
Be sure of really knowing the correct PBX password.