Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SSLって必要ですか〜Let's Encryptを試してみよう

sonson
May 15, 2016
Programming
3
470

SSLって必要ですか〜Let's Encryptを試してみよう

SSLの必要性,Let's Encryptのちょっとした使い方について概観する.

sonson

May 15, 2016
Tweet

More Decks by sonson

See All by sonson
計算グラフのJITコンパイラをLLVM on C++で作ろう
sonsongithub
2
410
LLVMでHalideみたいな計算グラフ+JITを作りたい
sonsongithub
0
1k
LLVM Tutorial 02 - わいわいswiftc
sonsongithub
1
320
LLVM Tutorial - わいわいswiftc
sonsongithub
0
200
How to make and publish a Swift playground book for iPad
sonsongithub
5
18k
Swiftで実装するHTML特殊文字の高速処理
sonsongithub
3
7.2k
First step of 3D touch
sonsongithub
0
410
Getting started with 3D Touch
sonsongithub
0
510

Other Decks in Programming

See All in Programming
Jongler en asynchrone avec Symfony HttpClient
alli83
1
470
DevRel/Japan 2023 - 1つの事業部だけで行う DevRel とは
hcrane
0
330
面倒なのは嫌なのでコンテナのマネージドサービスの極振りしたいと思います。
n1215
PRO
1
170
Prompt Engineering 勉強会 / 2023.03.21 GPT-4 Prompt 報告会
smiyawaki0820
17
7.9k
Eloquentとクエリビルダを両方使った実装の失敗例 - 第150回 PHP勉強会 #phpstudy
kotomin_m
0
180
Babylon.js書籍出版の裏側。ツイートから始まった奇跡の1年を振り返る
iwaken71
0
110
PHPerKaigi2023|技術負債とプロジェクトと私たち(technical debt&project&us)
weddingpark
0
190
PHPで任意精度演算を行って「正しい」金額計算をする方法 / Perform arbitrary precision arithmetic in PHP to achieve "accurate" monetary calculations
hiro_y
1
290
DDD Demystified ~結局DDDとは何なのか?何でないのか?~ #phperkaigi_reject
77web
0
640
Amplify Boostup #2 monorepo 運用による複数プロジェクト開発
coa00
0
140
時間を気にせず普通にカンニングもしつつ ISUCON12 本選問題を PHP でやってみる
sji
0
1k
アンドキュメンテッド ちょうぜつソフトウェア 設計入門 「オブジェクト指向に定義はない」のか?
tanakahisateru
4
1k

Featured

See All Featured
Building a Modern Day 
E-commerce SEO Strategy
aleyda
8
4.9k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
64k
In The Pink: A Labor of Love
frogandcode
133
21k
Support Driven Design
roundedbygravity
88
8.9k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
17k
Scaling GitHub
holman
453
140k
Debugging Ruby Performance
tmm1
67
11k
Testing 201, or: Great Expectations
jmmastey
25
5.8k
Into the Great Unknown - MozCon
thekraken
4
390
Optimizing for Happiness
mojombo
366
65k
Atom: Resistance is Futile
akmur
256
24k
VelocityConf: Rendering Performance Case Studies
addyosmani
317
22k

Transcript

  1. ஌͍ͬͯΔਓ͸ίʔυॻ͍͍ͯͯͩ͘͞
    Tech.
    Yuichi Yoshida
    Researcher, DENSO IT Laboratory, Inc.
    #yidev
    @sonson_twit
    © 2014 DENSO IT Laboratory, Inc., All rights reserved. Redistribution or public display not permitted without written permission from DENSO IT Laboratory, Inc.
    Let’s Encrypt~SSL~Autolayout

    View Slide

  2. ࣗݾ঺հ
    • sonson
    • twitter: sonson_twit
    • github: sonsongithub
    • portfolio
    • reddift(SwiftͰॻ͍ͨreddit.comͷAPIϥούʔ)
    • ࢓ࣄ
    • ը૾ೝࣝ/ݕࡧ/ͦΕΛ࢖ͬͨΞϓϦ
    • ػցֶशͷ͓ษڧͱ͔ॾʑͱ͔

    View Slide

  3. ࠓ೔ͷ಺༰
    • SSLͬͯඞཁͰ͔͢ʙLet’s Encrypt
    • AutolayoutΛ࢖͍ͬͯΔ͕ɼԶ͸΋͏ݶք͔΋͠Εͳ͍

    View Slide

  4. SSLͬͯඞཁͰ͔͢ʁ
    Let’s EncryptͰ͍͍ͷ͔ɼѱ͍ͷ͔

    View Slide

  5. ໔੹
    ͜ͷൃද಺༰͸ɼ٢ా༔ҰͷݸਓతͳݟղͰ͋Γɼ
    ॴଐ͢Δஂମ౳ͷެࣜతͳݟղͰ͸͋Γ·ͤΜɽ
    ·ͨຊൃද಺༰Λฉ͖ɼͦͷཧղʹج͍ͮͯͦͷຊਓ͕
    ͱͬͨ೗ԿͳΔߦಈʹΑΔଛ֐౳ʹର͠ɼ੹೚Λෛ͍·ͤΜɽ
    Ҏ্ͷ͜ͱΛཧղͰ͖ͳ͍ਓɼ͋Δ͍͸ड͚ೖΕΒΕͳ͍ਓ
    ͸ຊൃදΛฉ͘͜ͱ͸͝ԕྀ͍ͩ͘͞ɽ

    View Slide

  6. View Slide

  7. View Slide

  8. എܠ
    • iOS9Ҏ߱ɼATSಋೖ͞ΕΔ
    • σϑΥϧτͰ͢΂ͯhttps௨৴ʹஔ͖׵͑ΒΕΔ
    • iOSͰ΋SSL͸جຊཁ݅ʹͳΓͭͭ͋Δ
    • ࣗ෼Ͱӡ༻͍ͯ͠ΔαʔόͷSSLରԠ
    • sonson.jp͸ɼgithub hostingҎ֎͸͢΂ͯSSL
    • 2tchͷόοΫΤϯυ΋৽͍͠όʔδϣϯ͸SSL
    • ͦΜͱ͖ʹ৭ʑษڧͨ͠
    • ϝΠϯͷڵຯ͸RSA҉߸ͷ਺ֶͩͬͨΜ͕ͩ

    View Slide

  9. എܠ
    • ͖͔͚ͬ
    • LINE Bot API
    • LINE Bot API
    • SSL௨৴ඞਢ
    • Let’s Encryptͩͱ࢖͑ͳ͍
    • AWS͔Β͸࢖͑Δ
    • SSLͷূ໌ॻ
    • Կͷҧ͍͕͋Δͷʁ
    • ҰମɼԿͷͨΊʹඞཁͳͷʁ

    View Slide

  10. SSLͷඞཁੑ
    • Wi-FiͷηΩϡϦςΟ໰୊
    • httpsͰͳ͍ͱةݥ
    • DNSͷηΩϡϦςΟ໰୊
    • ѱҙͷ͋ΔDNS໰୊
    • ηΩϡΞͳDNS͕ͳ͔ͳ͔Ͱͯ͜ͳ͍
    • httpͰDNS໊͚ͩͰ૬खΛ֬ೝ͢Δͷ͸ةݥ
    • DNSΫϥοΫʹΑΔͳΓ͢·͠໰୊

    View Slide

  11. ѱҙ͋ΔDNSͷڴҖ
    ΫϥΠΞϯτ %/4
    ۜߦ
    *1
    χηۜߦ
    *1
    bank.co.jp
    1.1.1.1
    bank.co.jp

    View Slide

  12. ѱҙ͋ΔDNSͷڴҖ
    ΫϥΠΞϯτ
    ͏ͦͬ͜
    %/4
    ۜߦ
    *1
    χηۜߦ
    *1
    bank.co.jp
    2.2.2.2
    bank.co.jp
    %/4ͷਖ਼౰ੑΛ
    νΣοΫ͢Δज़͕ͳ͍

    View Slide

  13. ҉߸௨৴ͷ3ཁ݅
    • ൿಗ
    • ୭ʹ΋౪ΈݟΒΕͳ͍
    • ׬શੑ
    • ୭ʹ΋վ᜵͞Εͳ͍
    • ೝূ
    • ୭ʹ΋ͳΓ͢·͞Εͳ͍

    View Slide

  14. ࠓ೔ͷٕज़ͷݶք
    • ൿಗ
    • ૉҼ਺෼ղ͕࣮࣌ؒͰղ͔Εͳ͍ݶΓ҆શ
    • ׬શੑ
    • SHAͳͲͰ֬อͰ͖Δ
    • ೝূ
    • ࠓͷͱ͜Ζٕज़తʹղܾͰ͖͍ͯͳ͍

    View Slide

  15. ൿಗ
    • ެ։伴҉߸ํࣜ
    • RSA҉߸
    • కΊΔ伴ɼ։͚Δ伴͕ҟͳΔ҉߸ํࣜ
    • 伴ͷ഑ૹ໰୊Λղܾͨ͠ʢ͍ͯ͠ΔʣͱݴΘΕΔ
    • ར༻͢Δ਺ֶ
    • ૉҼ਺෼ղ͕࣮࣌ؒͰܭࢉͰ͖ͳ͍
    • ཭ࢄର਺͸࣮࣌ؒͰܭࢉͰ͖ͳ͍

    View Slide

  16. ׬શੑ
    • MD5, SHA
    • ͋Δσʔλͷϋογϡ஋Λ࡞Δ
    • MD5ͱαΠζͷখ͍͞SHA͸ةݥ
    • ϋογϡͷੑ࣭
    • σʔλΛೖΕΔͱϋογϡ஋͕ಘΒΕΔ
    • ೖྗ͕গ͠Ͱ΋มΘΔͱϋογϡ஋͸େ͖͘มΘΔ
    • σʔλΛվ᜵ͨ݁͠ՌʹରԠ͢Δϋογϡ஋Λ༧ଌ
    ͢Δ͜ͱ͸೉͍͠
    • →ͭ·Γϋογϡ஋Λ֬ೝ͢Δͱվ᜵͞Ε͍ͯͳ͍
    ͔Λ֬ೝͰ͖Δ

    View Slide

  17. ೝূ
    • ղܾ͢Δ਺ֶతͳ࢓૊Έ͸ະͩʹͳ͍

    View Slide

  18. ൿಗͱ׬શੑΛୡ੒ͯ͠΋
    ૹ৴ऀ ड৴ऀ
    ҉߸Խσʔλ
    ൿಗ
    ҉߸Խ
    ׬શੑ
    վ᜵ෆՄ
    ड͚औΔ૬ख͕
    ୭ͳͷ͔Θ͔Βͳ͍
    ߈ܸऀ

    View Slide

  19. ߈ܸྫ: man in the middle attack(MTM)
    ૹ৴ऀ தؒऀ
    ҉߸Խσʔλ
    ҉߸Խ
    վ᜵ෆՄ
    ۜߦ
    ҉߸Խσʔλ
    ೝূͷ࢓૊Έ͕ͳ͍ͱɼ୭ͱ௨৴͍ͯ͠Δ͔ͷ
    อূ͕ಘΒΕͳ͍

    View Slide

  20. ݱঢ়ͷରࡦʔSSLೝূہ
    • ೝূہ - Certificate Authority(CA)

    View Slide

  21. ݱঢ়ͷରࡦʔSSLೝূہ
    ΫϥΠΞϯτ %/4
    ۜߦ
    *1
    χηۜߦ
    *1
    bank.co.jp
    1.1.1.1
    bank.co.jp
    ೝূہ
    ূ໌ॻ
    ͦΕ͸ۜߦͷ
    ূ໌ॻͰ͢

    View Slide

  22. ݱঢ়ͷରࡦʔSSLೝূہ
    ΫϥΠΞϯτ %/4
    ۜߦ
    *1
    χηۜߦ
    *1
    bank.co.jp
    2.2.2.2
    bank.co.jp
    ೝূہ
    ূ໌ॻ
    ͦΕͩΕʁ

    View Slide

  23. OSXʹσϑΥϧτͰೖΔূ໌ॻ

    View Slide

  24. ΦϨΦϨূ໌͕μϝͳཧ༝
    • man in the middle attack(MTM)ͷ㕒৯
    • ͱ͸͍͑ɼMTM͘Βͬͯ΋͍͍ͬͯݴ͏ͳΒɼผ
    ʹΦϨΦϨূ໌ॻͰ΋Α͍ͱ͍͏͜ͱ
    • ΦϨΦϨূ໌ॻͰ͋ͬͯ΋ɼͦͷ૬खͱͷ௨৴ͷൿ
    ಗɼ׬શੑ͸อͨΕΔ

    View Slide

  25. ͳͥೝূ͕೉͍͠ͷ͔
    • ʮ৴͡Δʯͱ͍͏͜ͱͷఆ͕ٛᐆດ͔ͩΒ

    View Slide

  26. ೝূہͷ৴༻ੑ
    https://www.jp.websecurity.symantec.com/repository/faq/class.html
    ৴༻ੑ͸ຊ౰ͷࣾձతͳ৴༻ੑΛಘΔͷͱ
    ಉ͡࢓૊ΈͰߏங͍ͯ͠Δ

    View Slide

  27. SSLূ໌ॻʹ͍ͭͯ
    • ೝূͷͨΊͷ࢓૊Έ
    • ҉߸Խͱ͔͸ɼࠜຊతʹ͸ؔ܎ͳ͍
    • ࣮ࡍͷ࢓૊Έ্͋Δ͕
    • ͏·͘ղܾ͢Δ޻ֶ/਺ֶతͳ࢓૊Έ͕ະͩͳ͍
    • ೝূہɾূ໌ॻͷΫϥε
    • ೝূʹ͸͕͔͔ۚΔ
    • Let’s Encrypt΍StartSSLʹ͸৴པੑ͕଍Γͳ͍
    • VerisignͳͲͷCLASS3͸৴པੑ͕ߴ͍ˠՁ֨΋ߴ͍

    View Slide

  28. Let’s Encrypt
    • ແྉͷSSLূ໌ॻ
    • ϝʔϧΞυϨεͷΈͷূ໌
    • ࣗಈߋ৽ͷͨΊͷεΫϦϓτ΋഑෍͞Ε͍ͯΔ
    • https://github.com/certbot/certbot
    • ߋ৽ͷͨΊͷπʔϧ͕ͪΐͬͱલʹ͔Θͬͨ

    View Slide

  29. ࢓૊Έ
    • certbot͕Let’s Encryptͱ௨৴ͯ͠ূ໌ॻΛൃߦ
    • apacheͱnginx
    • ࣗಈͰূ໌ॻͷΠϯετʔϧ·Ͱ΍ΔΒ͍͠
    • ಈ͔ͳ͍ͬͯBBSʹ͔͋ͬͨΒ࢖ͬͯͳ͍
    • webroot
    • ಛఆͷύεΛҰ࣌తʹ࢖͏
    • letsencryptͷύεʹূ໌ॻ͕ίϐʔ͞ΕΔ
    • standalone
    • ಛఆͷϙʔτͰμΠϨΫτʹ௨৴͢ΔʢΒ͍͠ʣ
    • 80ͱ͔࢖͏ͷͰҰ࣌తʹαʔόΛด͡Δඞཁ͕͋Δ
    • manual
    • ڵຯͳ͍ͷͰݟͯͳ͍

    View Slide

  30. ͜Μ͚ͩͰΑ͍
    ./letsencrypt-auto certonly --webroot \\
    -w /var/www/example/ \\
    -d www.example.com

    View Slide

  31. ৘ใ
    • ༗ޮظݶ
    • 90೔
    • Let’s EncryptӡӦ͸60೔Ͱߋ৽͢Δ͜ͱΛਪ঑
    • ੍ݶ
    • ͻͱͭͷIP͔ΒൃߦͰ͖ΔυϝΠϯ਺
    • ͻͱͭͷIP͔ΒൃߦͰ͖Δূ໌ॻͷ਺
    • ੍ݶ͸̓೔͘Β͍Ͱղআ͞ΕΔ
    • ೝূہͱͯ͠
    • iOS/Windows/OSX౳ʹ͸৴༻͞Ε͍ͯΔ
    • ΫϥΠΞϯτʹΑͬͯ͸৴༻͍ͯ͠ͳ͍ͷͰཁ஫ҙ

    View Slide

  32. ࢀߟจݙ
    • ҉߸શൠ
    • ݁৓ߒ, ҉߸ٕज़ೖ໳
    • RSA҉߸/ૉ਺पΓ
    • ϚʔΧεɾσϡɾιʔτΠ,ૉ਺ͷԻָ
    • ʴͦͷลͷେֶͷઌੜͷαΠτͳͲ

    View Slide

  33. AutolayoutΛ࢖͍ͬͯΔ͕
    Զ͸΋͏ݶք͔΋͠Εͳ͍
    GUIͷݶք

    View Slide

  34. ݱࡏ࡞ͬͯΔΞϓϦΛྫʹ

    View Slide

  35. Ϗϡʔͷ಺༁͸͜Μͳײ͡

    View Slide

  36. Έͳ͞ΜɼͲ͏΍ͬͯ࢖͍ͬͯ·͔͢ʁ
    • Storyboard
    • Storyboard + xib
    • ίʔυ

    View Slide

  37. Storyboard
    ͜ΜͳෳࡶͳϏϡʔΛGUI͔Β
    ࡞Δͱ͔ෆՄೳ
    9999 +1001
    3h sonson_twit imgur.com
    11 images
    Just installed iOS 9.3 Beta without a developer
    account (iPhone 6S Plus), 3D Touch animation
    lag gone!
    Search
    Sketch 9:41 AM 100%

    View Slide

  38. Storyboard + xib
    ҙຯෆ໌
    த਎͕Θ͔Βͳ͍

    View Slide

  39. ίʔυ
    ҙຯෆ໌
    ͕ͩσβΠφ͕
    ͍ͳ͍ͷͰͳΜͱ͔ͳΔ

    View Slide

  40. ίʔυ
    ҙຯෆ໌
    ͕ͩσβΠφ͕
    ͍ͳ͍ͷͰͳΜͱ͔ͳΔ
    Θ͚ͳ͍

    View Slide

  41. ͜͜Ͱɼٞ࿦͍ͨ͠
    • AutolayoutɼࠓޙͲ͏͠·͔͢ʁ
    • Storyboard
    • Storyboard + xib
    • ίʔυ
    • Ή͠ΖɼAutolayout࢖Θͳ͍
    • έʔε
    • ҰਓͰझຯͰॻ͘৔߹
    • ਺ਓͷίʔσΟϯάɼن໛͸খ͍͞
    • ҙঊ/UI/UXͷσβΠφ΋͍Δن໛ͷେ͖͍

    View Slide

  42. View Slide

  43. ·ͱΊ
    • SSLʹ͍ͭͯͷ෮श
    • ऍᷟʹઆ๏Ͱ͢Έ·ͤΜ
    • ৴༻ʹ͸͓͕͔͔ۚΓ·͢
    • SSL͕ԿͷͨΊʹඞཁ͔ɼৗʹߟ͑·͠ΐ͏
    • Let’s Encryptͷ࢖͍ํʹ͍ͭͯ
    • Autolayout
    • ٧Μͩ

    View Slide