Sign monileconfig file using certificate programmatically using Swift

Programming Languages Swift
Andriy_Hrytsyshy OP
Created Mar ’22
Replies 3
Boosts 0
Views 1k
Participants 2

Hello everyone, my question is how to programmatically sign the configuration file before downloading the file from the local server? I have a file of type .mobileconfig and a certificate file of type .pem with a key received from Zerossl. There are 3 chain certificates

-----BEGIN CERTIFICATE——
//some symbols
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE——
//some symbols
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE——
//some symbols
-----END CERTIFICATE-----

I manage to sign the certificate locally on the computer using terminal commands, but in my case I need to do it programmatically in Swift inside the app.

Could somebody please help me with it?

Answered by DTS Engineer in 707239022

Can i write these commands programmatically in Swift?

Not on iOS:

  • iOS does not ship with a copy of the openssl command-line tool.

  • Even if it did, an iOS app can’t spawn child processes.

You could implement this by adding the OpenSSL libraries to your app and then calling the same library routines that the openssl command-line tool uses. This is exactly what I meant when I wrote “You will need to write or acquire your own CMS library.”

What’s your high-level goal here? Earlier you wrote:

before downloading the file from the local server?

Is this a server running inside your app? Or a server on the local network? If it’s the latter, why not do the profile generation on that server?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  3
Boosts  0
Views  1k
Participants  2
DTS Engineer OP
Apple
Mar ’22

I manage to sign the certificate locally on the computer using terminal commands

Care to share those commands with the group?

I suspect that they embed the configuration profile in a CMS ‘signed data’ wrapper. Is so, how you proceed depends on the target platform for your app:

  • macOS has a CMS API (<Security/CMSEncoder.h>) that makes it relatively easy to do this.

  • iOS, and its child platforms, do not. You will need to write or acquire your own CMS library.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
DTS Engineer OP
Apple
Mar ’22
Accepted Answer

Can i write these commands programmatically in Swift?

Not on iOS:

  • iOS does not ship with a copy of the openssl command-line tool.

  • Even if it did, an iOS app can’t spawn child processes.

You could implement this by adding the OpenSSL libraries to your app and then calling the same library routines that the openssl command-line tool uses. This is exactly what I meant when I wrote “You will need to write or acquire your own CMS library.”

What’s your high-level goal here? Earlier you wrote:

before downloading the file from the local server?

Is this a server running inside your app? Or a server on the local network? If it’s the latter, why not do the profile generation on that server?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
DTS Engineer OP
Apple
Mar ’22

I use a server that runs in the program itself.

Yeah, I suspected that might be the case.

What distribution channel are you planning to use here? The App Store? In-House (Enterprise) distribution within an organisation? Or is this just something for your own use?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Sign monileconfig file using certificate programmatically using Swift
First post date Last post date
 
 
Q