I am trying to sign and encrypt .mobileconfig profiles for iOS devices. Signing works perfectly using openssl::pkcs7 sign function in ruby, however using encrypt function, I get an encrypted data but Safari fails to install the profile saying "Invalid Profile". There are two questions in this regard: Which data from the .mobileconfig profile is actually encrypted that goes into the .. section of the EncryptedPayloadContent ? Is the data in binary format (.der) or base64 encoded? Any help in this regard would be helpful as APPLE severly lacks any documentation in encrypting the profiles.