Skip to main content
Question

FYI: Using EncryptedStrings method for Classic API calls requires changes for upcoming macOS release

  • February 2, 2022
  • 1 reply
  • 1 view

sdagley
Forum|alt.badge.img+25

An upcoming release of macOS will update the openssl tool, and If you are using the method documented in https://github.com/brysontyrrell/EncryptedStrings/blob/master/EncryptedStrings_Bash.sh to obfuscate the user name and password for calls to the Jamf Pro Classic API it will require modification to work with the new version.

The modification is to specify that the md5 message digest is to be used by adding the "-md md5" option to the openssl "enc" command (e.g. openssl enc -aes256... becomes openssl enc -aes256 -md md5...). Adding that will allow your API calls to work with current and upcoming versions of macOS.

Thanks to @frogor on MacAdmins Slack for posting this fix.

1 reply

Forum|alt.badge.img+4
  • New Contributor
  • 3 replies
  • February 3, 2022

just so there is more clarifying on this, I heard this change will be on macOS 12.3 for those who are wondering. Get your stuff updated ahead of time so you don't have any big issues. You just need to update the decryption string function to the following:

function DecryptString() {
    # Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
    echo "${1}" | /usr/bin/openssl enc -aes256 -md md5 -d -a -A -S "${2}" -k "${3}"
}

  This updated function will work on lower macOS versions so you don't have to make two different functions for lesser versions.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings