Review: Code Signing

T. MOTOOKA
December 03, 2016

Transcript

  1. Review: Code Signing
    2016.12.03 Cocoa勉強会関西 (Cocoa Study Group Kansai) #70
    https://cocoa-kansai.connpass.com/event/44431/
    by T. MOTOOKA

  2. Self-introduction
    T. MOTOOKA | @t_motooka
    Main job: web application development and operation
    Hobbies: PDF / SVG / iOS / reading logs
    Recent news: I have started making Mac apps

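  3. Self-introduction: my past Mac apps
    時計 PPC, FileCacherPPC
    Made when I was in my second year of high school
    Made when I was in my first year of high school
    A veteran with 20 years of Mac app experience!!
    (with a gap of about 19 years)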

  4. Topic: Code Signing

  5. Contents
    Code Signing: meaning and mechanism
    Types of certificates
    At Mac App Store release
    Verifying a signature
    References

  6. Code Signing: meaning and mechanism

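  7. Code Signing: the immediate purpose
    For iOS apps:
    required to install on a real device
    required to distribute through the App Store, etc.
    For Mac apps:
    required to distribute through the Mac App Store
    required to distribute directly, etc.
    etc.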

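  8. Code Signing: the original purpose
    Toward the recipient / user:
    Prove that the binary was built by the signer
    The label "t_motooka's app" can be trusted
    Prove that it has not been tampered with
    If it is labelled "t_motooka's app",
    you can believe that nobody other than t_motooka has touched it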

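  9. Mechanism: signing
    Compute the hash value of the data to be signed
    Encrypt the hash value with the signer's private key → digital signature

    Attach the following to the data being signed:
    the signer's certificate (→ the public key corresponding to the private key)
    the digital signature (the hash value encrypted with the private key)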

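  10. Mechanism: verifying a signature
    Verify whether the signer's certificate can be trusted
    (from the viewpoint of: has it been signed by Apple?)
    Compute the hash value of the signed data
    Decrypt the digital signature with the signer's certificate (public key)
    If the decrypted value and the hash value match, it is OK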

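  11. Code Signing: meaning and mechanism
    Once you know the meaning and the mechanism:
    you can get through certificate creation without delay
    certificate creation stops being annoying
    you understand what the error messages mean
    you can say "certificate signing request" without stumbling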

  12. Types of certificates

  13. Types of certificates: iOS
    Code Signing
    iOS App Development : for development on a real device
    App Store and Ad Hoc : for distribution
    Others
    Apple Push Notification service SSL : for push notifications
    Apple Pay Certificate : for decrypting transaction data

  14. Types of certificates: Mac
    Mac Development : for Debug builds
    Mac App Distribution : for the Mac App Store
    Mac Installer Distribution : for submission to the Mac App Store
    Developer ID : for distribution outside the Mac App Store
    Only Developer ID requires the "Agent" role to create

  15. Types of certificates: a useful resource
    https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingCertificates/MaintainingCertificates.html#//apple_ref/doc/uid/TP40012582-CH31-SW41

  16. At Mac App Store release

  17. At Mac App Store release
    By the time the app reaches the user,
    it has been re-signed by "Apple Mac OS Application Signing"

  18. Verifying a signature

  19. Verifying a Mac app's signature
    $ codesign -v hogehoge.app/
    Example output when the app is not signed:

    SuddenDeathMac.app: code object is not signed at all
    When the app is correctly signed, nothing is printed.
    Example output when the app was tampered with after signing:

    malware.app/: invalid Info.plist (plist or signature have been modified)

  20. Launching a tampered app
    EXC_CRASH (Code Signature Invalid)

  21. Verifying a Mac app's signature: details
    $ codesign -dv --verbose=4 Adobe\ Illustrator.app/
    Executable=/Applications/Adobe Illustrator CC 2017/Adobe Illustrator.app/Contents/MacOS/Adobe Ill
    Identifier=com.adobe.illustrator
    Format=app bundle with Mach-O thin (x86_64)
    CodeDirectory v=20200 size=112005 flags=0x0(none) hashes=5593+3 location=embedded
    OSPlatform=36
    OSSDKVersion=658176
    OSVersionMin=657920
    Hash type=sha1 size=20
    CandidateCDHash sha1=bbbdf9c2baa5c04ad85913f370dec5b680143b80
    Hash choices=sha1
    Page size=4096
    CDHash=bbbdf9c2baa5c04ad85913f370dec5b680143b80
    Signature size=8524
    Authority=Developer ID Application: Adobe Systems, Inc.
    Authority=Developer ID Certification Authority
    Authority=Apple Root CA
    Timestamp=2016/10/11 8:18:04
    Info.plist entries=24
    TeamIdentifier=JQ525L2MZD
    Sealed Resources version=2 rules=12 files=17323
    Internal requirements count=1 size=184


  22. Verifying a Mac app's signature
    Note that the detailed display (-dv --verbose=4) is poor at detecting tampering!
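An added example, not from the original slides: a Python sketch that combines slides 19, 21 and 22 by running `codesign -v` first and only then reading the identity fields from the `-dv --verbose=4` output. The function names and the idea of pinning an expected TeamIdentifier are assumptions of this example; the sample text is copied from slide 21.

```python
import subprocess

# Lines copied from the slide 21 output above (abridged).
SAMPLE_DISPLAY = """\
Identifier=com.adobe.illustrator
Format=app bundle with Mach-O thin (x86_64)
CDHash=bbbdf9c2baa5c04ad85913f370dec5b680143b80
Authority=Developer ID Application: Adobe Systems, Inc.
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=JQ525L2MZD
"""

def parse_display(text):
    """Parse `codesign -dv --verbose=4` output into a dict.
    Authority repeats (leaf first, root last), so it is kept as a list."""
    info = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue  # e.g. "...: code object is not signed at all"
        if key == "Authority":
            info["Authority"].append(value)
        else:
            info.setdefault(key, value)
    return info

def identity_problems(info, expected_team, expected_root="Apple Root CA"):
    """Compare the displayed identity with what the caller expects.
    These are names read from the signature, not a trust decision."""
    problems = []
    chain = info["Authority"]
    if not chain:
        problems.append("no Authority lines: unsigned or ad hoc signed")
    elif chain[-1] != expected_root:
        problems.append("chain ends at %r, expected %r" % (chain[-1], expected_root))
    if info.get("TeamIdentifier") != expected_team:
        problems.append("TeamIdentifier is %r, expected %r"
                        % (info.get("TeamIdentifier"), expected_team))
    return problems

def audit(app_path, expected_team):
    """macOS only: verify first (slide 19), then read the identity (slide 21)."""
    verify = subprocess.run(["codesign", "-v", app_path],
                            capture_output=True, text=True)
    if verify.returncode != 0:
        return ["verification failed: " + verify.stderr.strip()]
    # codesign prints the -d details on stderr, not stdout.
    shown = subprocess.run(["codesign", "-dv", "--verbose=4", app_path],
                           capture_output=True, text=True)
    return identity_problems(parse_display(shown.stderr), expected_team)
```

`audit()` returns an empty list only when the signature verifies and the displayed identity matches; the parsing functions can be exercised on any platform with the embedded sample.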

  23. Verifying an iOS app's signature
    (I ran out of time and could not finish investigating. No progress.)

  24. References

  25. References
    Code Signing Guide
    https://developer.apple.com/library/content/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
    App Distribution Guide
    https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/Introduction/Introduction.html#//apple_ref/doc/uid/TP40012582-CH1-SW1
    Distributing Apps Outside the Mac App Store
    https://developer.apple.com/library/content/documentation/IDEs/Conceptual/AppDistributionGuide/DistributingApplicationsOutside/DistributingApplicationsOutside.html

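  26. Summary
    Once you know the theory, the work becomes clear.
    Understand Code Signing and avoid trouble right before release!
    Push notifications, Extension, AppleWatch, ApplePay:
    the occasions that require a certificate only increase year by year
    → Get the basics down and make life easier!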

  27. If you have any questions...

  28. End