I am using Configuring Multiple Devices Using Profiles
This is the documentation I'm looking at
I'm confused by the documentation below
Encrypt and Sign a Profile
Both iOS and macOS support using encryption to protect the contents of profiles from unauthorized access. The encrypted profile can only be decrypted using a private key previously installed on a device. To encrypt a profile:
-
Remove the PayloadContent array and serialize it as a property list. Note that the top-level object in this property list is an array, not a dictionary.
-
CMS-encrypt the serialized property list as enveloped data.
-
Serialize the encrypted data in DER (Distinguished Encoding Rules) format.
-
Set the serialized data as the value of as a data property list item in the profile, using the EncryptedPayloadContent key.
Signing a profile guarantees data integrity. To sign a profile, place the XML property list in a DER-encoded, CMS Signed Data structure.
The documentation states that a total of four steps are required. These are the steps I wrote according to the documentation.
I now have an unencrypted mobileconfig file with the following content
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>FullScreen</key>
<true/>
<key>Icon</key>
<data>
iVBORw0KGgoAAAANSUhEUgAAAFMAAABXCAYAAAB4I3kWAAAAAXNS
R0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7D
AcdvqGQAAADWSURBVHhe7dChAQAgDMCwwf8/A4ITIhtT33WeCbF/
AzQTaibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQM6FmQs2Emgk1E2om
1EyomVAzoWZCzYSaCTUTaibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQ
M6FmQs2Emgk1E2om1EyomVAzoWZCzYSaCTUTaibUTKiZUDOhZkLN
hJoJNRNqJtRMqJlQM6FmQs2Emgk1E2om1EyomVAzoWZCzYSaCTUT
aibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQM5mZC+DNBKoqfY8fAAAA
AElFTkSuQmCC
</data>
<key>IsRemovable</key>
<true/>
<key>Label</key>
<string>test</string>
<key>PayloadDescription</key>
<string>Adds a Web Clip.</string>
<key>PayloadDisplayName</key>
<string>Web Clip (test)</string>
<key>PayloadIdentifier</key>
<string>com.qqq.webclip1</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.webClip.managed</string>
<key>PayloadUUID</key>
<string>D53575A8-FC80-442A-A1CB-58B14E7048E1</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Precomposed</key>
<true/>
<key>URL</key>
<string>http://www.google.com</string>
</dict>
</array>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string></string>
<key>PayloadIdentifier</key>
<string>com.qqq</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>D53575A8-FC80-442A-A1CB-58B14E7048E1</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
- Remove the PayloadContent array and serialize it as a property list. Note that the top-level object in this property list is an array, not a dictionary.
Is this the serialized property list? Encrypt this string?
<array>
<dict>
<key>FullScreen</key>
<true/>
<key>Icon</key>
<data>
iVBORw0KGgoAAAANSUhEUgAAAFMAAABXCAYAAAB4I3kWAAAAAXNS
R0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7D
AcdvqGQAAADWSURBVHhe7dChAQAgDMCwwf8/A4ITIhtT33WeCbF/
AzQTaibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQM6FmQs2Emgk1E2om
1EyomVAzoWZCzYSaCTUTaibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQ
M6FmQs2Emgk1E2om1EyomVAzoWZCzYSaCTUTaibUTKiZUDOhZkLN
hJoJNRNqJtRMqJlQM6FmQs2Emgk1E2om1EyomVAzoWZCzYSaCTUT
aibUTKiZUDOhZkLNhJoJNRNqJtRMqJlQM5mZC+DNBKoqfY8fAAAA
AElFTkSuQmCC
</data>
<key>IsRemovable</key>
<true/>
<key>Label</key>
<string>test</string>
<key>PayloadDescription</key>
<string>Adds a Web Clip.</string>
<key>PayloadDisplayName</key>
<string>Web Clip (test)</string>
<key>PayloadIdentifier</key>
<string>com.qqq.webclip1</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.webClip.managed</string>
<key>PayloadUUID</key>
<string>D53575A8-FC80-442A-A1CB-58B14E7048E1</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Precomposed</key>
<true/>
<key>URL</key>
<string>http://www.google.com</string>
</dict>
</array>