FYI: Using EncryptedStrings method for Classic API calls requires changes for upcoming macOS release

sdagley
Esteemed Contributor II

An upcoming release of macOS will update the openssl tool, and if you are using the method documented in https://github.com/brysontyrrell/EncryptedStrings/blob/master/EncryptedStrings_Bash.sh to obfuscate the user name and password for calls to the Jamf Pro Classic API, it will require modification to work with the new version.

The modification is to specify that the md5 message digest is to be used by adding the "-md md5" option to the openssl "enc" command (e.g. openssl enc -aes256... becomes openssl enc -aes256 -md md5...). Adding that will allow your API calls to work with current and upcoming versions of macOS.

Thanks to @frogor on MacAdmins Slack for posting this fix.

1 REPLY 1

Signian
New Contributor

Just so there is more clarity on this: I heard this change will be in macOS 12.3, for those who are wondering. Get your stuff updated ahead of time so you don't have any big issues. You just need to update the decryption string function to the following:

function DecryptString() {
    # Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
    echo "${1}" | /usr/bin/openssl enc -aes256 -md md5 -d -a -A -S "${2}" -k "${3}"
}

This updated function will work on lower macOS versions so you don't have to make two different functions for lesser versions.
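
Added example (not part of the posts above and not code from the EncryptedStrings project): a sketch of why the digest has to be pinned. Without -pbkdf2, `openssl enc -k` derives the AES key and IV from the passphrase and salt with EVP_BytesToKey using the selected digest, so the same passphrase and salt give different key material under a different default. It assumes the newer tool defaults to sha256 (as OpenSSL has since 1.1.0); the salt and passphrase are constructed sample values and the function names are hypothetical.

```python
import hashlib

def evp_bytes_to_key(passphrase: bytes, salt: bytes, digest: str,
                     key_len: int = 32, iv_len: int = 16):
    """Derive (key, iv) as `openssl enc -k` does without -pbkdf2:
    EVP_BytesToKey with a single iteration of the chosen digest."""
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # D_i = H(D_{i-1} || passphrase || salt); output is D_1 || D_2 || ...
        block = hashlib.new(digest, block + passphrase + salt).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]

def derive(passphrase: str, salt_hex: str, digest: str):
    """Key/IV for -aes256 (AES-256-CBC) from the -k passphrase and -S hex salt."""
    salt = bytes.fromhex(salt_hex)
    if len(salt) != 8:
        raise ValueError("expected an 8-byte salt (16 hex characters)")
    return evp_bytes_to_key(passphrase.encode(), salt, digest)

def digests_agree(passphrase: str, salt_hex: str, a: str, b: str) -> bool:
    """True only if both digests yield the same key and IV."""
    return derive(passphrase, salt_hex, a) == derive(passphrase, salt_hex, b)

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    salt_hex, passphrase = "0123456789abcdef", "constructed-passphrase"
    for md in ("md5", "sha256"):
        key, iv = derive(passphrase, salt_hex, md)
        print(f"-md {md:6}  key={key.hex()}  iv={iv.hex()}")
    print("same key material:",
          digests_agree(passphrase, salt_hex, "md5", "sha256"))
```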