The PhoneBoy Blog


Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

Provisioning Sipura Devices

I’m working on some stuff at Voxilla that has me starting to work on provider-type provisioning for the Sipura series of adapters. This means using tools like the SPA Compiler and making actual configuration files.

The wonderful thing about Sipura’s is that the provisioning is actually fairly straightforward. The SPA Compiler (spc) tool is used to “compile” and “encrypt” a configuration file. The encryption can be controlled with various options in spc, but can be as strong as AES-256. The encryption can also be tied to a specific device by MAC address making it unlikely that a device could “use” the wrong configuration.

The configuration file, at least prior to compilation by spc, is just a text file, nothing more. The text file is in a fairly straightforward, readable format. While the spc tool can generate you a sample file to use, you could easily generate a similar text file with your own provisioning system, as many service providers do.

The configuration files themselves can be stored on a tftp, http, or https server. http or https is definately preferred in residential situations since the devices will usually be behind NAT and tftp doesn’t work so well via NAT.

The one place where tftp actually makes sense is in the initial configuration of the device by the service provider prior to being sent to the end customer. Using tftp, it’s possible to take a SPA fresh from the factory out of the box, plug it into a network, have it download a configuration, upgrade firmware, and have the entire process be automatic. The device will receive a pre-provisioning configuration that is generic. It won’t contain any “real” configuration data except for the location of the next configuration, which is a URL like http://provisioning.provider.com/$MA.cfg.

The Sipura will substitute its own MAC for $MA in the URL. This means it will download a configuration specific to it. When the device is plugged in at the customer location, the device will download it’s new unique configuration and be ready for customer use within a few minutes.


#Cybersecurity Evangelist, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.