MDM - Over-the-air profile delivery and configuration

We are following the article below for over-the-air enrollment and profile delivery:

http://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html#//apple_ref/doc/uid/TP40009505-CH3-SW1

We could follow the steps in Phase 1 and Phase 2. Once the device receives the certificate from the SCEP server (as part of phase 2), it will send the response back to the MDM server. This response is signed with a new certificate. The answer consists of a signature, plist content and a certificate in binary format. Ideally, we need to extract the public key from this certificate and use it to sign the configuration profile (.mobileconfig). However, it is difficult for us to extract the certificate from the response. It looks like the certificate is somehow corrupted. We tried different encodings. But it did not help :(

Has anyone successfully extracted the certificate in step #3?

Really appreciate any help in this regard.

thanks

+4
3 answers

The response from the device is an SMIME string encoded in DER. You can use openssl smime to extract the public key.

0

If you use C#, this may be available as part of the Pkcs library.

    using System.Security.Cryptography.Pkcs;
    ...
    // get the data as a byte[]
    var signer = new SignedCms();
    signer.Decode(input);
    // signer.Certificates[0] contains the cert

0

To extract certificates, you can use openssl cli:

 openssl pkcs7 -print_certs -in requestFromDevice.p7s -inform DER 

Then you can easily parse the output with stdout.split('-----END CERTIFICATE-----') and stdout.split("\n") (in javascript).

0
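
The split-based parsing mentioned in the last answer, as an added example that is not part of the original thread: it turns the text output of `openssl pkcs7 -print_certs` into one record per certificate. The function name `parsePrintCerts` and the sample output are constructed for illustration.

```javascript
'use strict';

// Constructed sample of `openssl pkcs7 -print_certs` output. The Base64 bodies
// are placeholders, not real certificates; CRLF endings exercise normalisation.
const SAMPLE_STDOUT = [
  'subject=CN = device-identity.example',
  'issuer=CN = Example SCEP CA',
  '-----BEGIN CERTIFICATE-----',
  'TUlJQ29uc3RydWN0ZWRQbGFjZWhvbGRlcjAx',
  'QUJDREVGRw==',
  '-----END CERTIFICATE-----',
  '',
  'subject=CN = Example SCEP CA',
  'issuer=CN = Example SCEP CA',
  '-----BEGIN CERTIFICATE-----',
  'TUlJQ29uc3RydWN0ZWRQbGFjZWhvbGRlcjAy',
  '-----END CERTIFICATE-----',
  '',
].join('\r\n');

// One PEM block: BEGIN line, Base64 body (may span lines), END line.
const PEM_BLOCK =
  /-----BEGIN CERTIFICATE-----\n([A-Za-z0-9+/=\n]+?)\n-----END CERTIFICATE-----/g;

// Hypothetical helper: returns [{ subject, issuer, pem, der }] in output order.
function parsePrintCerts(stdout) {
  const text = stdout.replace(/\r\n/g, '\n');
  const certs = [];
  let cursor = 0;
  for (const m of text.matchAll(PEM_BLOCK)) {
    // subject=/issuer= lines sit between the previous block and this one.
    const header = text.slice(cursor, m.index);
    const field = (name) => {
      const hit = header.match(new RegExp('^' + name + '=(.*)$', 'm'));
      return hit ? hit[1].trim() : null;
    };
    certs.push({
      subject: field('subject'),
      issuer: field('issuer'),
      pem: m[0] + '\n',
      der: Buffer.from(m[1].replace(/\n/g, ''), 'base64'),
    });
    cursor = m.index + m[0].length;
  }
  return certs; // empty array when the output holds no certificate
}
```

`-print_certs` only lists the certificates embedded in the PKCS#7 structure and does not verify the signature, so validate the signature and the certificate chain before relying on the extracted certificate.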

Source: https://habr.com/ru/post/1393703/

