Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ciecleci/androidのOpenSSLに気をつけよう

Ad37f739bffa0e38c8461e452cb3a489?s=47 yamacraft
October 27, 2017
Technology
0
460

 ciecleci/androidのOpenSSLに気をつけよう

2017年10月27日(金)に開催されたshibuya.apk #19にて発表した資料になります

Ad37f739bffa0e38c8461e452cb3a489?s=128

yamacraft

October 27, 2017
Tweet

More Decks by yamacraft

See All by yamacraft
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
1.3k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
1.6k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
2.7k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
4.2k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
3.9k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
670
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
1.5k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
950
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
340

Other Decks in Technology

See All in Technology
10c17b2a6e7687c9b039c5c8f9958495?s=48 missasan
2
820
6ed12627fec46a135f1bce5d56f3568e?s=48 nwiizo
3
2.4k
C4c161ae9eeeed8f161197410f7a228a?s=48 sizuhiko
0
230
Bf7fe621f4fe1615c228ef8a79b87282?s=48 shirayanagiryuji
1
360
A4d5b3aae2e67f31b513c88c726514c2?s=48 smzksts
0
230
66ab7440501bcaad37e602c8c9a708db?s=48 yjsong
0
250
5c4f5cafb8aa4f6258e5112412b3ab15?s=48 chisaki0120
0
130
Cf14f4e867682556820d937eeb267fc4?s=48 odash
0
540
2aea20b60d544d0dcccb70a4bb6af648?s=48 hminamiohtsu
3
1.4k
6f455f3ddfaa8a1c3a8a03ecd5d73d4f?s=48 hirakichi
0
130
848cae20fe522dfbecef7743f107fe0f?s=48 nishino
0
2.6k
5e811ea39e141c433cdd961bbaa03122?s=48 masayoshi
PRO
9
2k

Featured

See All Featured
245cee81a9c424266e5e401d844ea881?s=48 lara
595
61k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
225
48k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
208
20k
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
35
1.6k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
14
610
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
10
1k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
239
23k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
324
54k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
91
3.5k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
69
3.1k
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
15
990

Transcript

  1. circleci/androidͷ OpenSSLʹؾΛ͚ͭΑ͏ @yamacraft

  2. profile • @yamacraft (Wataru Yamada) • Mobile Application Engineer •

    LeadingMark, inc • team Y.G.E.(private) • Ұ෦دߘ → → →

  3. αϯϓϧϓϩδΣΫτ https://github.com/yamacraft/android.RequestPermissions

  4. લஔ͖ • ઌ΄ͲͷϓϩδΣΫτ͸Circle CI 1.0ͰϏϧυ͢Δ࢓૊ΈΛೖ Ε͍ͯͨ • Circle CI 2.0ͩͱϏϧυ΋ૣ͘ͳΔͱฉ͍ͨͷͰɺࢼ͠ʹରԠ

    ͯ͠ΈΑ͏ͱࢥͬͨ • ͪͳΈʹൿಗ৘ใ͸OpenSSLͰ҉߸Խͨ͠ϑΝΠϧʹೖΕͯ ͍Δʢ1.0࣌୅ʹެ͕ࣜҊ಺ͯͨ͠ํ๏Λ࠾༻ʣ • https://github.com/circleci/encrypted-files

  5. Circle CI2.0Ͱઃఆͨ͠಺༰ • image͸ެࣜͷcircleci/androidΛ࢖༻ • OpenSSLͰ҉߸Խͨ͠ϑΝΠϧΛ෮ݩ͠ɺγ εςϜͷ؀ڥม਺ʹ૊ΈࠐΉ • ͋ͱ͸./gradlew build͢Δ͚ͩ

  6. decryptͰ͖ͳ͍…

  7. Ͳ͏ͯ͠… • circleci/android(apt)ͷOpenSSL͸ 1.1.0f • mac OS(homebrew)ͷOpenSSL͸1.0.2l • 1.1.0͔Βޓ׵ੑʹͪΐͬͱ໰୊ʢ࢓༷มߋʣ ͕͋ΔΒ͍͠…

  8. ৄࡉ • OpenSSL1.1.0ͱҎલͷόʔδϣϯͱͷޓ׵ੑ • https://http2.try-and-test.net/openssl1_1_0_tips.html

  9. ͰɺͲ͏ͨ͠ͷʁ • ҉߸ԽϑΝΠϧΛ࡞Δ࣌ʹɺҰํ޲ؔ਺Λ sha256ࢦఆ͢ΔΦϓγϣϯΛࢦఆͯ͠ੜ੒͢ Δͱ෮߸ԽͰ͖ΔΑ͏ʹͳΔ • openssl aes-256-cbc -md sha256

    -e -in secret-env-plain -out secret-env-cipher -k $KEY

  10. ϏϧυͰ͖ͨʂ

  11. ·ͱΊ OpenSSLͷόʔδϣϯҧ͍ʹ͸ؾΛ͚ͭΑ͏ʂ

  12. ͓͠·͍