What is the binary data around the plist in a provisioning profile file?
I finally got the answer from an answer to another question on SO.
Basically the .mobileprovision file is a CMS encrypted XML file. It can be decoded using security
on OS X:
security cms -D -i /path/to/profile.mobileprovision
I don't have an answer to your initial question, but I can explain how to extract the signing certificate from the .mobileprovision file:
- The plist part of the .mobileprovision has a key 'DeveloperCertificates', whose value is an array of NSData.
- Each NSData is a .cer file - the signing certificate you are looking for.
I have a short shell script for extracting the subject of the signing certificate directly from the .mobileprovision file here: https://gist.github.com/2147247 - the script works with only one certificate in the array mentioned earlier, which should be the common case.
As you can see in the script, I have no answer to your third question, I am just cutting away the first line and everything after the closing tag.
use
security cms -D -i /path/to/profile.mobileprovision
if you get the error message security: SecPolicySetValue: One or more parameters passed to a function were not valid
just pipe the error to /dev/null
security cms -D -i /path/to/profile.mobileprovision 2> /dev/null