The structure of a .mobileprovision file looks something like this:
<!-- small binary data -->
<?xml version="1.0" encoding="UTF-8"?>
<!-- plist data -->
</plist>
<!-- large binary data -->
I have a few questions around this:
Specifically, I will consider this question as answered (and award the +100 bounty alongwith it) when both Q1 and Q3 above are answered.
The profiles resource represents the provisioning profiles that allow you to install apps on your iOS devices or Mac. You can create and delete provisioning profiles, and download them to sign your code. Provisioning profiles include signing certificates, device identifiers, and a bundle ID.
A provisioning profile links your signing certificate and App ID so that you can sign apps to install and launch on iOS devices. You must have a development provisioning profile to sign apps for use with iOS Gateway version 3.4 and later.
A provisioning profile is downloaded from your developer account and embedded in the app bundle, and the entire bundle is code-signed. A Development Provisioning Profile must be installed on each device on which you wish to run your application code.
File used by Apple Xcode, a software development IDE often used for creating iPhone apps; contains a provisioning profile, which allows an app to be uploaded to a limited number of iPhones or iPads while it is still in development.
I finally got the answer from an answer to another question on SO.
Basically the .mobileprovision file is a CMS encrypted XML file. It can be decoded using security
on OS X:
security cms -D -i /path/to/profile.mobileprovision
I don't have an answer to your initial question, but I can explain how to extract the signing certificate from the .mobileprovision file:
I have a short shell script for extracting the subject of the signing certificate directly from the .mobileprovision file here: https://gist.github.com/2147247 - the script works with only one certificate in the array mentioned earlier, which should be the common case.
As you can see in the script, I have no answer to your third question, I am just cutting away the first line and everything after the closing tag.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With