Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SSLって必要ですか〜Let's Encryptを試してみよう

F9feb45c0a049cccc3e2563f1fe2f869?s=47 sonson
May 15, 2016
Programming
3
460

SSLって必要ですか〜Let's Encryptを試してみよう

SSLの必要性,Let's Encryptのちょっとした使い方について概観する.

F9feb45c0a049cccc3e2563f1fe2f869?s=128

sonson

May 15, 2016
Tweet

More Decks by sonson

See All by sonson
F9feb45c0a049cccc3e2563f1fe2f869?s=48 sonsongithub
2
290
F9feb45c0a049cccc3e2563f1fe2f869?s=48 sonsongithub
0
650
F9feb45c0a049cccc3e2563f1fe2f869?s=48 sonsongithub
1
260
F9feb45c0a049cccc3e2563f1fe2f869?s=48 sonsongithub
0
160
F9feb45c0a049cccc3e2563f1fe2f869?s=48 sonsongithub
5
16k
F9feb45c0a049cccc3e2563f1fe2f869?s=48 sonsongithub
3
5.8k
F9feb45c0a049cccc3e2563f1fe2f869?s=48 sonsongithub
0
250
F9feb45c0a049cccc3e2563f1fe2f869?s=48 sonsongithub
0
360

Other Decks in Programming

See All in Programming
9b753d898d93aae8bd163db5c420a1ae?s=48 s6323859
2
1.1k
8e686c2dcfd4cc143fbc21baf893626b?s=48 tako8ki
1
530
3f523bb4384468543d01a1d21029fc12?s=48 obregonia1
0
460
3931098ae486b6df619050c63e24f6cc?s=48 osyo
0
820
Cc8ec9594b83b5dc3c7eef345c05dc8d?s=48 shiz
6
1.2k
1145fb026140c0af54cf49a9da6e79ee?s=48 stefanscheidt
0
120
5b3338b3676d4f7091a575e584f3a4f4?s=48 coe401_
PRO
2
680
Afdb8e40066f7939ff82727bc0c892ce?s=48 junk0612
0
120
E66449b8260b07a1cf51c5ab5eaa8180?s=48 dunglas
3
3.1k
E586b46d5b09f8109beb66bb146e4f20?s=48 tamappe
2
200
44f37c1fe3a6a56376bb41a338741355?s=48 ring
2
600
023b04c98f39cc041293d780352432ff?s=48 koic
9
1.3k

Featured

See All Featured
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
235
950k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
11
1.1k
5b9fe87ec1faa67a4599782930f45ec9?s=48 sstephenson
149
12k
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
67
4.4k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
13
990
1f74b13f1e5c6c69cb5d7fbaabb1e2cb?s=48 sferik
612
56k
245cee81a9c424266e5e401d844ea881?s=48 lara
175
10k
3d6ace9554821d552146413bcdf874f6?s=48 trishagee
37
4.6k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
654
120k
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
36k
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
119
11k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
14
660

Transcript

  1. ஌͍ͬͯΔਓ͸ίʔυॻ͍͍ͯͯͩ͘͞ Tech. Yuichi Yoshida Researcher, DENSO IT Laboratory, Inc. #yidev

    @sonson_twit © 2014 DENSO IT Laboratory, Inc., All rights reserved. Redistribution or public display not permitted without written permission from DENSO IT Laboratory, Inc. Let’s Encrypt~SSL~Autolayout

  2. ࣗݾ঺հ • sonson • twitter: sonson_twit • github: sonsongithub •

    portfolio • reddift(SwiftͰॻ͍ͨreddit.comͷAPIϥούʔ) • ࢓ࣄ • ը૾ೝࣝ/ݕࡧ/ͦΕΛ࢖ͬͨΞϓϦ • ػցֶशͷ͓ษڧͱ͔ॾʑͱ͔

  3. ࠓ೔ͷ಺༰ • SSLͬͯඞཁͰ͔͢ʙLet’s Encrypt • AutolayoutΛ࢖͍ͬͯΔ͕ɼԶ͸΋͏ݶք͔΋͠Εͳ͍

  4. SSLͬͯඞཁͰ͔͢ʁ Let’s EncryptͰ͍͍ͷ͔ɼѱ͍ͷ͔

  5. ໔੹ ͜ͷൃද಺༰͸ɼ٢ా༔ҰͷݸਓతͳݟղͰ͋Γɼ ॴଐ͢Δஂମ౳ͷެࣜతͳݟղͰ͸͋Γ·ͤΜɽ ·ͨຊൃද಺༰Λฉ͖ɼͦͷཧղʹج͍ͮͯͦͷຊਓ͕ ͱͬͨ೗ԿͳΔߦಈʹΑΔଛ֐౳ʹର͠ɼ੹೚Λෛ͍·ͤΜɽ Ҏ্ͷ͜ͱΛཧղͰ͖ͳ͍ਓɼ͋Δ͍͸ड͚ೖΕΒΕͳ͍ਓ ͸ຊൃදΛฉ͘͜ͱ͸͝ԕྀ͍ͩ͘͞ɽ

  6. None
  7. None

  8. എܠ • iOS9Ҏ߱ɼATSಋೖ͞ΕΔ • σϑΥϧτͰ͢΂ͯhttps௨৴ʹஔ͖׵͑ΒΕΔ • iOSͰ΋SSL͸جຊཁ݅ʹͳΓͭͭ͋Δ • ࣗ෼Ͱӡ༻͍ͯ͠ΔαʔόͷSSLରԠ •

    sonson.jp͸ɼgithub hostingҎ֎͸͢΂ͯSSL • 2tchͷόοΫΤϯυ΋৽͍͠όʔδϣϯ͸SSL • ͦΜͱ͖ʹ৭ʑษڧͨ͠ • ϝΠϯͷڵຯ͸RSA҉߸ͷ਺ֶͩͬͨΜ͕ͩ

  9. എܠ • ͖͔͚ͬ • LINE Bot API • LINE Bot

    API • SSL௨৴ඞਢ • Let’s Encryptͩͱ࢖͑ͳ͍ • AWS͔Β͸࢖͑Δ • SSLͷূ໌ॻ • Կͷҧ͍͕͋Δͷʁ • ҰମɼԿͷͨΊʹඞཁͳͷʁ

  10. SSLͷඞཁੑ • Wi-FiͷηΩϡϦςΟ໰୊ • httpsͰͳ͍ͱةݥ • DNSͷηΩϡϦςΟ໰୊ • ѱҙͷ͋ΔDNS໰୊ •

    ηΩϡΞͳDNS͕ͳ͔ͳ͔Ͱͯ͜ͳ͍ • httpͰDNS໊͚ͩͰ૬खΛ֬ೝ͢Δͷ͸ةݥ • DNSΫϥοΫʹΑΔͳΓ͢·͠໰୊

  11. ѱҙ͋ΔDNSͷڴҖ ΫϥΠΞϯτ %/4 ۜߦ *1 χηۜߦ *1 bank.co.jp 1.1.1.1 bank.co.jp

  12. ѱҙ͋ΔDNSͷڴҖ ΫϥΠΞϯτ ͏ͦͬ͜ %/4 ۜߦ *1 χηۜߦ *1 bank.co.jp 2.2.2.2

    bank.co.jp %/4ͷਖ਼౰ੑΛ νΣοΫ͢Δज़͕ͳ͍

  13. ҉߸௨৴ͷ3ཁ݅ • ൿಗ • ୭ʹ΋౪ΈݟΒΕͳ͍ • ׬શੑ • ୭ʹ΋վ᜵͞Εͳ͍ •

    ೝূ • ୭ʹ΋ͳΓ͢·͞Εͳ͍

  14. ࠓ೔ͷٕज़ͷݶք • ൿಗ • ૉҼ਺෼ղ͕࣮࣌ؒͰղ͔Εͳ͍ݶΓ҆શ • ׬શੑ • SHAͳͲͰ֬อͰ͖Δ •

    ೝূ • ࠓͷͱ͜Ζٕज़తʹղܾͰ͖͍ͯͳ͍

  15. ൿಗ • ެ։伴҉߸ํࣜ • RSA҉߸ • కΊΔ伴ɼ։͚Δ伴͕ҟͳΔ҉߸ํࣜ • 伴ͷ഑ૹ໰୊Λղܾͨ͠ʢ͍ͯ͠ΔʣͱݴΘΕΔ •

    ར༻͢Δ਺ֶ • ૉҼ਺෼ղ͕࣮࣌ؒͰܭࢉͰ͖ͳ͍ • ཭ࢄର਺͸࣮࣌ؒͰܭࢉͰ͖ͳ͍

  16. ׬શੑ • MD5, SHA • ͋Δσʔλͷϋογϡ஋Λ࡞Δ • MD5ͱαΠζͷখ͍͞SHA͸ةݥ • ϋογϡͷੑ࣭

    • σʔλΛೖΕΔͱϋογϡ஋͕ಘΒΕΔ • ೖྗ͕গ͠Ͱ΋มΘΔͱϋογϡ஋͸େ͖͘มΘΔ • σʔλΛվ᜵ͨ݁͠ՌʹରԠ͢Δϋογϡ஋Λ༧ଌ ͢Δ͜ͱ͸೉͍͠ • →ͭ·Γϋογϡ஋Λ֬ೝ͢Δͱվ᜵͞Ε͍ͯͳ͍ ͔Λ֬ೝͰ͖Δ

  17. ೝূ • ղܾ͢Δ਺ֶతͳ࢓૊Έ͸ະͩʹͳ͍

  18. ൿಗͱ׬શੑΛୡ੒ͯ͠΋ ૹ৴ऀ ड৴ऀ ҉߸Խσʔλ ൿಗ ҉߸Խ ׬શੑ վ᜵ෆՄ ड͚औΔ૬ख͕ ୭ͳͷ͔Θ͔Βͳ͍

    ߈ܸऀ

  19. ߈ܸྫ: man in the middle attack(MTM) ૹ৴ऀ தؒऀ ҉߸Խσʔλ ҉߸Խ

    վ᜵ෆՄ ۜߦ ҉߸Խσʔλ ೝূͷ࢓૊Έ͕ͳ͍ͱɼ୭ͱ௨৴͍ͯ͠Δ͔ͷ อূ͕ಘΒΕͳ͍

  20. ݱঢ়ͷରࡦʔSSLೝূہ • ೝূہ - Certificate Authority(CA)

  21. ݱঢ়ͷରࡦʔSSLೝূہ ΫϥΠΞϯτ %/4 ۜߦ *1 χηۜߦ *1 bank.co.jp 1.1.1.1 bank.co.jp

    ೝূہ ূ໌ॻ ͦΕ͸ۜߦͷ ূ໌ॻͰ͢

  22. ݱঢ়ͷରࡦʔSSLೝূہ ΫϥΠΞϯτ %/4 ۜߦ *1 χηۜߦ *1 bank.co.jp 2.2.2.2 bank.co.jp

    ೝূہ ূ໌ॻ ͦΕͩΕʁ

  23. OSXʹσϑΥϧτͰೖΔূ໌ॻ

  24. ΦϨΦϨূ໌͕μϝͳཧ༝ • man in the middle attack(MTM)ͷ㕒৯ • ͱ͸͍͑ɼMTM͘Βͬͯ΋͍͍ͬͯݴ͏ͳΒɼผ ʹΦϨΦϨূ໌ॻͰ΋Α͍ͱ͍͏͜ͱ

    • ΦϨΦϨূ໌ॻͰ͋ͬͯ΋ɼͦͷ૬खͱͷ௨৴ͷൿ ಗɼ׬શੑ͸อͨΕΔ

  25. ͳͥೝূ͕೉͍͠ͷ͔ • ʮ৴͡Δʯͱ͍͏͜ͱͷఆ͕ٛᐆດ͔ͩΒ

  26. ೝূہͷ৴༻ੑ https://www.jp.websecurity.symantec.com/repository/faq/class.html ৴༻ੑ͸ຊ౰ͷࣾձతͳ৴༻ੑΛಘΔͷͱ ಉ͡࢓૊ΈͰߏங͍ͯ͠Δ

  27. SSLূ໌ॻʹ͍ͭͯ • ೝূͷͨΊͷ࢓૊Έ • ҉߸Խͱ͔͸ɼࠜຊతʹ͸ؔ܎ͳ͍ • ࣮ࡍͷ࢓૊Έ্͋Δ͕ • ͏·͘ղܾ͢Δ޻ֶ/਺ֶతͳ࢓૊Έ͕ະͩͳ͍ •

    ೝূہɾূ໌ॻͷΫϥε • ೝূʹ͸͕͔͔ۚΔ • Let’s Encrypt΍StartSSLʹ͸৴པੑ͕଍Γͳ͍ • VerisignͳͲͷCLASS3͸৴པੑ͕ߴ͍ˠՁ֨΋ߴ͍

  28. Let’s Encrypt • ແྉͷSSLূ໌ॻ • ϝʔϧΞυϨεͷΈͷূ໌ • ࣗಈߋ৽ͷͨΊͷεΫϦϓτ΋഑෍͞Ε͍ͯΔ • https://github.com/certbot/certbot

    • ߋ৽ͷͨΊͷπʔϧ͕ͪΐͬͱલʹ͔Θͬͨ

  29. ࢓૊Έ • certbot͕Let’s Encryptͱ௨৴ͯ͠ূ໌ॻΛൃߦ • apacheͱnginx • ࣗಈͰূ໌ॻͷΠϯετʔϧ·Ͱ΍ΔΒ͍͠ • ಈ͔ͳ͍ͬͯBBSʹ͔͋ͬͨΒ࢖ͬͯͳ͍

    • webroot • ಛఆͷύεΛҰ࣌తʹ࢖͏ • letsencryptͷύεʹূ໌ॻ͕ίϐʔ͞ΕΔ • standalone • ಛఆͷϙʔτͰμΠϨΫτʹ௨৴͢ΔʢΒ͍͠ʣ • 80ͱ͔࢖͏ͷͰҰ࣌తʹαʔόΛด͡Δඞཁ͕͋Δ • manual • ڵຯͳ͍ͷͰݟͯͳ͍

  30. ͜Μ͚ͩͰΑ͍ ./letsencrypt-auto certonly --webroot \\ -w /var/www/example/ \\ -d www.example.com

  31. ৘ใ • ༗ޮظݶ • 90೔ • Let’s EncryptӡӦ͸60೔Ͱߋ৽͢Δ͜ͱΛਪ঑ • ੍ݶ

    • ͻͱͭͷIP͔ΒൃߦͰ͖ΔυϝΠϯ਺ • ͻͱͭͷIP͔ΒൃߦͰ͖Δূ໌ॻͷ਺ • ੍ݶ͸̓೔͘Β͍Ͱղআ͞ΕΔ • ೝূہͱͯ͠ • iOS/Windows/OSX౳ʹ͸৴༻͞Ε͍ͯΔ • ΫϥΠΞϯτʹΑͬͯ͸৴༻͍ͯ͠ͳ͍ͷͰཁ஫ҙ

  32. ࢀߟจݙ • ҉߸શൠ • ݁৓ߒ, ҉߸ٕज़ೖ໳ • RSA҉߸/ૉ਺पΓ • ϚʔΧεɾσϡɾιʔτΠ,ૉ਺ͷԻָ

    • ʴͦͷลͷେֶͷઌੜͷαΠτͳͲ

  33. AutolayoutΛ࢖͍ͬͯΔ͕ Զ͸΋͏ݶք͔΋͠Εͳ͍ GUIͷݶք

  34. ݱࡏ࡞ͬͯΔΞϓϦΛྫʹ

  35. Ϗϡʔͷ಺༁͸͜Μͳײ͡

  36. Έͳ͞ΜɼͲ͏΍ͬͯ࢖͍ͬͯ·͔͢ʁ • Storyboard • Storyboard + xib • ίʔυ

  37. Storyboard ͜ΜͳෳࡶͳϏϡʔΛGUI͔Β ࡞Δͱ͔ෆՄೳ 9999 +1001 3h sonson_twit imgur.com 11 images

    Just installed iOS 9.3 Beta without a developer account (iPhone 6S Plus), 3D Touch animation lag gone! Search Sketch 9:41 AM 100%

  38. Storyboard + xib ҙຯෆ໌ த਎͕Θ͔Βͳ͍

  39. ίʔυ ҙຯෆ໌ ͕ͩσβΠφ͕ ͍ͳ͍ͷͰͳΜͱ͔ͳΔ

  40. ίʔυ ҙຯෆ໌ ͕ͩσβΠφ͕ ͍ͳ͍ͷͰͳΜͱ͔ͳΔ Θ͚ͳ͍

  41. ͜͜Ͱɼٞ࿦͍ͨ͠ • AutolayoutɼࠓޙͲ͏͠·͔͢ʁ • Storyboard • Storyboard + xib •

    ίʔυ • Ή͠ΖɼAutolayout࢖Θͳ͍ • έʔε • ҰਓͰझຯͰॻ͘৔߹ • ਺ਓͷίʔσΟϯάɼن໛͸খ͍͞ • ҙঊ/UI/UXͷσβΠφ΋͍Δن໛ͷେ͖͍
  42. None

  43. ·ͱΊ • SSLʹ͍ͭͯͷ෮श • ऍᷟʹઆ๏Ͱ͢Έ·ͤΜ • ৴༻ʹ͸͓͕͔͔ۚΓ·͢ • SSL͕ԿͷͨΊʹඞཁ͔ɼৗʹߟ͑·͠ΐ͏ •

    Let’s Encryptͷ࢖͍ํʹ͍ͭͯ • Autolayout • ٧Μͩ