OTA Mobileconfig encryption

Question

Level 1

0 points

OTA Mobileconfig encryption

Hello,

I am currently trying to set a up a system where we can configure iPhone's with a mobileconfig file OTA. I am able to successfully do this with plaintext and signed mobileconfigs but the issue that I am running into is that I would like to encrypt the mobileconfig file before sending it to the user. I need a way to do this on the fly as there are too many devices to generate encrypted configuration profiles for all of them before hand.

Thanks.

MacBook, iOS 4

Posted on Jul 14, 2010 8:14 AM

Reply

Answer 1

Oct 14, 2010 2:54 PM in response to sumone4life

use openssl and encrypt the payload section of your plain text mobileconfig file.
create a new mobileconfig file the same as before but with an<key>EncryptedPayloadContent</key> section in place of the <key>PayloadContent</key>
then place your encrypted data between <data> Encrypted stuff here </data> tags

Load the certificate on devices with a separate profile

then you can get your encrypted profile on the device through safari / SMS or Email

Reply

Answer 2

bmoran4

Level 1

0 points

Oct 26, 2010 12:46 PM in response to orchieboy

How does one encrypt the EncryptedPayloadContent? It looks Base64 encoded, but there is more to it than just that.

Also, the profile must be signed to be encrypted. My question is, is it signed in a PKCS#7 Envelope first? Than the key is encrypted, or is the key encrypted first and then signed into a PKCS#7 Envelope?

Reply