Inserting Unencrypted Token into DEP

Hello,


I am currently working on an application, consuming the Apple MDM API.

In order to be able to use this API, I need to authorize using data from a decrypted server token (found in the corresponding server on https://deploy.apple.com).

So far this is all good.


Steps we managed to do so far:

1. Create Public/Private key

2. Added our server to https://deploy.apple.com in combination with our public key.

3. Generated and downloaded the token that gets automatically generated.

4. Decrypted that token using the private key (for the correct information in order to consume the API)


Steps that need to be done:

1. Install the Generated token on the Apple Server's DEP (Local Apple Server)


The Problem:

When we go to the Local Apple Server's DEP and try to enable the DEP, an already existing public key is already installed there.

Since we used a different Public/Private key to generate the token, our Local Apple Server's DEP tells us that the Token is invalid.

We are kind of stuck here.


How do we upload the token generated by our own private/public key?

Or decrypt the one that gets automatically generated? (This only gives a public key, no private)


Note:


The documentation tells us that we can use an unencrypted token as well. We have tried to install the unencrypted one in our server, but this gives us the same result (unable to install it).

You could easily just use the public key from the Apple server, make a new MDM server at deploy.apple.com and use the public key there, get a new token, and insert it.


I've only ever used the encrypted tokens with Apple's server, so I can't speak for it allowing unencrypted.


Is there a reason you need to use your own generated keypair over the one generated with Apple's server?

That we managed to do also,


But we need to do this with our custom Private/Public Key.

A Private key is used to decrypt the token you insert on the server, this token contains information required to consume the API.

We are developing our own application, since we need to consume the API, we need to use a private key to decrypt it.

If you are developing your own application, then you should just handle the decryption of the token in that, no?

Unfortunately that's not the case.

The Token downloaded from deploy.apple.com needs to be installed on the MDM Server.

The problem here is that the Token is generated based on a custom made private/public key.

The MDM Server already has a different public key installed and therefore the token is not valid for the MDM server.


The public key on the MDM Server is also not replaceable by the one we created ourselves.

We need to use our own made Private/Public key in order to decrypt the token and consume the API
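
The key mismatch discussed in this thread, reproduced locally as an added example (not code from the thread or from Apple): a token S/MIME-encrypted to one certificate opens with the matching private key and is rejected by a holder of any other key. The `openssl` CLI stands in for the portal, and the key names (`custom`, `server`), file names and token contents are constructed assumptions.

```shell
#!/bin/sh
# Constructed demo: a token encrypted to one certificate cannot be
# opened with a different private key. Requires the openssl CLI.
# All names and token values below are made up for illustration.

WORK=$(mktemp -d)                 # private scratch directory (mode 0700)
trap 'rm -rf "$WORK"' EXIT        # remove the throwaway keys on exit

# Create an RSA private key and a self-signed certificate for its public key.
make_keypair() {                  # $1 = name prefix
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Stand-in for the portal: S/MIME-encrypt a token to one certificate.
encrypt_token() {                 # $1 = cert name, $2 = plaintext, $3 = output
    openssl smime -encrypt -aes256 -in "$2" -out "$3" "$WORK/$1.crt"
}

# What a token consumer does: decrypt with its own key and certificate.
decrypt_token() {                 # $1 = key name, $2 = encrypted file
    openssl smime -decrypt -in "$2" \
        -inkey "$WORK/$1.key" -recip "$WORK/$1.crt" 2>/dev/null
}

# Prints "ok" if the named key opens the token, "invalid" otherwise.
check_token() {                   # $1 = key name, $2 = encrypted file
    if decrypt_token "$1" "$2" | grep -q '"consumer_key"'; then
        echo ok
    else
        echo invalid
    fi
}

make_keypair custom               # the keypair generated by the application team
make_keypair server               # the keypair already present on the MDM server

# Constructed token body; the values are placeholders, not real credentials.
printf '{"consumer_key":"CK_example","access_token":"AT_example"}\n' \
    > "$WORK/token.json"
encrypt_token custom "$WORK/token.json" "$WORK/token.p7m"

echo "custom key: $(check_token custom "$WORK/token.p7m")"
echo "server key: $(check_token server "$WORK/token.p7m")"
```

Each party that has to read a token needs one issued against its own public key; the private key never has to leave the system that generated it.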
