
Bad Decrypt

Open kMikaZu opened this issue 2 years ago • 3 comments

Hi

I followed the instructions on how to set up an encrypted log collection but I get a bad decrypt error:

Script result: bad decrypt
4334863916:error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/evp/evp_enc.c:521:
  adding: private/var/log/install.log (deflated 97%)
  adding: private/var/log/jamf.log (deflated 90%)
  adding: private/var/log/system.log (deflated 93%)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   422  100   422    0     0   1047      0 --:--:-- --:--:-- --:--:--  1060

mismatched tag at line 10, column 2, byte 404:
<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>
	Please continue your visit at our <a href="/">home page</a>.
</p>
=^
</body>
</html>
 at /System/Library/Perl/Extras/5.30/darwin-thread-multi-2level/XML/Parser.pm line 187.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
 31 1438k    0     0   31  448k      0   389k  0:00:03  0:00:01  0:00:02  390k
 87 1438k    0     0   87 1264k      0   607k  0:00:02  0:00:02 --:--:--  608k
100 1438k  100   422  100 1438k    179   612k  0:00:02  0:00:02 --:--:--  613k
<html>
<head>
	<title>Status page</title>
</head>
<body style="font-family: sans-serif;">
<p style="font-size: 1.2em;font-weight: bold;margin: 1em 0px;">Unauthorized</p>
<p>The request requires user authentication</p>
<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>
	Please continue your visit at our <a href="/">home page</a>.
</p>
</body>
</html>

What is going on here? I'm testing this on a Monterey machine.

Thanks!

kMikaZu avatar Dec 16 '22 12:12 kMikaZu

Well, unencrypted doesn't work anymore as well...

Script result:   adding: private/var/log/install.log (deflated 97%)
  adding: private/var/log/jamf.log (deflated 90%)
  adding: private/var/log/system.log (deflated 93%)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   422  100   422    0     0    304      0  0:00:01  0:00:01 --:--:--   305

mismatched tag at line 10, column 2, byte 404:
<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>
	Please continue your visit at our <a href="/">home page</a>.
</p>
=^
</body>
</html>
 at /System/Library/Perl/Extras/5.30/darwin-thread-multi-2level/XML/Parser.pm line 187.
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
 17 1442k    0     0   17  256k      0   244k  0:00:05  0:00:01  0:00:04  256k
 26 1442k    0     0   26  384k      0   182k  0:00:07  0:00:02  0:00:05  186k
 45 1442k    0     0   45  656k      0   215k  0:00:06  0:00:03  0:00:03  218k
100 1442k  100   422  100 1442k    107   366k  0:00:03  0:00:03 --:--:--  371k
<html>
<head>
	<title>Status page</title>
</head>
<body style="font-family: sans-serif;">
<p style="font-size: 1.2em;font-weight: bold;margin: 1em 0px;">Unauthorized</p>
<p>The request requires user authentication</p>
<p>You can get technical details <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">here</a>.<br>
	Please continue your visit at our <a href="/">home page</a>.
</p>
</body>
</html>

kMikaZu avatar Dec 16 '22 12:12 kMikaZu

I found the solution to this. I was running the generate function on a Monterey device and deploying the script to Ventura. Here is what I had to change in the function that I ran in Terminal to generate the encrypted password:

function GenerateEncryptedString() {
    # Usage ~$ GenerateEncryptedString "String"
    local STRING="${1}"
    local SALT=$(openssl rand -hex 8)
    local K=$(openssl rand -hex 12)
    local ENCRYPTED=$(echo "${STRING}" | openssl enc -md md5 -aes256 -a -A -S "${SALT}" -k "${K}")
    echo "Encrypted String: ${ENCRYPTED}"
    echo "Salt: ${SALT} | Passphrase: ${K}"
}

Note the addition of -md md5 to the command on line 6.

Then, the same thing has to be added to line 66 of the script in Jamf:

jamfProPass=$( echo "$6" | /usr/bin/openssl enc -md md5 -aes256 -d -a -A -S "$8" -k "$9" )

jandersonpos avatar Apr 27 '23 15:04 jandersonpos
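Why pinning -md on both sides resolves the error, as an added example that is not part of the comment above or of the project's script: without -pbkdf2, `openssl enc -k` derives the AES key from the passphrase and salt using a digest, so a value encrypted under one digest and decrypted under another gets a different key and fails. The salt, passphrase and secret are constructed, and the helper names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not the project's script). Salt, passphrase and secret are
# constructed; encrypt_with, decrypt_with and roundtrip_ok are hypothetical helpers.
SALT="0123456789abcdef"            # constructed 8-byte salt, hex encoded
PASS="constructed-passphrase"      # constructed passphrase
SECRET="constructed-api-password"  # constructed secret

# Encrypt $2 with key-derivation digest $1, using the same flags as the thread's function.
encrypt_with() {
    printf '%s\n' "$2" |
        openssl enc -md "$1" -aes256 -a -A -S "$SALT" -k "$PASS" 2>/dev/null
}

# Decrypt base64 ciphertext $2 with digest $1; returns non-zero when openssl fails.
decrypt_with() {
    local out
    out=$(printf '%s\n' "$2" |
        openssl enc -md "$1" -aes256 -d -a -A -S "$SALT" -k "$PASS" 2>/dev/null) || return 1
    printf '%s' "$out"
}

# Succeeds only if a value encrypted under digest $1 decrypts to itself under digest $2.
roundtrip_ok() {
    local ct pt
    ct=$(encrypt_with "$1" "$SECRET") || return 2
    pt=$(decrypt_with "$2" "$ct") || return 1
    [ "$pt" = "$SECRET" ]
}

# Matching digests round-trip; a mismatch reproduces the failure from the issue.
for pair in "md5 md5" "sha256 sha256" "md5 sha256"; do
    set -- $pair
    if roundtrip_ok "$1" "$2"; then result="ok"; else result="FAILED"; fi
    echo "encrypt -md $1, decrypt -md $2: $result"
done
```

Passing the same explicit -md value on the generating machine and in the deployed script removes any dependence on each openssl build's default digest.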

Ok, thanks. I need to try this...

kMikaZu avatar May 25 '23 12:05 kMikaZu