Then why do not use just two files:
- obi-encrypted, contains K and IV and points to $MAC-encrypted.cfg
- AES-encrypted, contains configuration and points to itself
Frankly, I don't see the reason for making $DM.xml
at all. Is it because of the default $DHCPOPT66
value in ConfigURL
? If it is, I don't think it's working. Think about how many routers have this option? E.g. mine, ZyWALL, cost me $400, doesn't have it. In any case, if you want to target a user, who can't change default ConfigURL
setting in OBi to point to your TFTP/HTTP server, then I may assure you, that he won't be able to change his router's "option 66" too... (assuming he even has a router, which supports "option 66") So, IMHO, this idea doesn't fly.
But if you have to ask user to set that ConfigURL
manually (which is simpler to do, than to configure his router), then you may provide him with string, that points it to $MAC-init.xml
file on your TFTP/HTTP server. So, IMHO there is no real need for the intermediate $DM.xml
BTW, I still keep a hope to see support for HTTP option in OBiProv tool... --
Keep it simple, it'll become complex by itself...