Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ciecleci/androidのOpenSSLに気をつけよう

Ad37f739bffa0e38c8461e452cb3a489?s=47 yamacraft
October 27, 2017
Technology
0
460

 ciecleci/androidのOpenSSLに気をつけよう

2017年10月27日(金)に開催されたshibuya.apk #19にて発表した資料になります

Ad37f739bffa0e38c8461e452cb3a489?s=128

yamacraft

October 27, 2017
Tweet

More Decks by yamacraft

See All by yamacraft
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
1.2k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
1.6k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
2.6k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
4.2k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
3.8k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
650
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
1.5k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
940
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
320

Other Decks in Technology

See All in Technology
462feb0fe0493c40d55650da664e8773?s=48 clustervr
PRO
0
210
7e6a435700dda6cdb22105d601f20892?s=48 picardparis
4
2.4k
74cec195bfb6cb5165256d88cb7fcf0f?s=48 miu_crescent
0
140
Fb025419ed38f98df595eb2eafc859f4?s=48 ihcomega56
2
170
53817d765d91855d2fabcaef60f8bba0?s=48 chipstar_light
0
480
45a72486b4481b73b963a74ecaefc76f?s=48 kadoppe
1
200
Db56c5975c67fcabeb1a395b835fa250?s=48 brtriver
1
480
B1dca90d4b3ffd2ccd918774e1ba170d?s=48 hmatsu47
1
170
872c040ebc1db6c2090d99dde729a8d4?s=48 supership
0
190
23f4d5d797a91b6d17d627b90b5a42d9?s=48 kentaro
2
470
7fb7baff24528be4d8b6e0e6cf831b81?s=48 tj8000rpm
0
210
4ab9c4c8dec50dc08b89981e23e111f2?s=48 katsumataryo
3
820

Featured

See All Featured
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
330
15k
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
776
200k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
19
1.3k
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
204
37k
168ccec72eee0530b818d44f3fedaacf?s=48 shlominoach
176
7.6k
Dad095ea7038f89f760419ce475d5d14?s=48 michaelherold
226
8.6k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
272
16k
1f74b13f1e5c6c69cb5d7fbaabb1e2cb?s=48 sferik
613
55k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
7
450
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
22
2.2k
Ae14cc4491ac334f9cd23f9f93b4305e?s=48 orderedlist
PRO
330
36k
5f83ef806155b403c3393160ce51f955?s=48 jlugia
217
16k

Transcript

  1. circleci/androidͷ OpenSSLʹؾΛ͚ͭΑ͏ @yamacraft

  2. profile • @yamacraft (Wataru Yamada) • Mobile Application Engineer •

    LeadingMark, inc • team Y.G.E.(private) • Ұ෦دߘ → → →

  3. αϯϓϧϓϩδΣΫτ https://github.com/yamacraft/android.RequestPermissions

  4. લஔ͖ • ઌ΄ͲͷϓϩδΣΫτ͸Circle CI 1.0ͰϏϧυ͢Δ࢓૊ΈΛೖ Ε͍ͯͨ • Circle CI 2.0ͩͱϏϧυ΋ૣ͘ͳΔͱฉ͍ͨͷͰɺࢼ͠ʹରԠ

    ͯ͠ΈΑ͏ͱࢥͬͨ • ͪͳΈʹൿಗ৘ใ͸OpenSSLͰ҉߸Խͨ͠ϑΝΠϧʹೖΕͯ ͍Δʢ1.0࣌୅ʹެ͕ࣜҊ಺ͯͨ͠ํ๏Λ࠾༻ʣ • https://github.com/circleci/encrypted-files

  5. Circle CI2.0Ͱઃఆͨ͠಺༰ • image͸ެࣜͷcircleci/androidΛ࢖༻ • OpenSSLͰ҉߸Խͨ͠ϑΝΠϧΛ෮ݩ͠ɺγ εςϜͷ؀ڥม਺ʹ૊ΈࠐΉ • ͋ͱ͸./gradlew build͢Δ͚ͩ

  6. decryptͰ͖ͳ͍…

  7. Ͳ͏ͯ͠… • circleci/android(apt)ͷOpenSSL͸ 1.1.0f • mac OS(homebrew)ͷOpenSSL͸1.0.2l • 1.1.0͔Βޓ׵ੑʹͪΐͬͱ໰୊ʢ࢓༷มߋʣ ͕͋ΔΒ͍͠…

  8. ৄࡉ • OpenSSL1.1.0ͱҎલͷόʔδϣϯͱͷޓ׵ੑ • https://http2.try-and-test.net/openssl1_1_0_tips.html

  9. ͰɺͲ͏ͨ͠ͷʁ • ҉߸ԽϑΝΠϧΛ࡞Δ࣌ʹɺҰํ޲ؔ਺Λ sha256ࢦఆ͢ΔΦϓγϣϯΛࢦఆͯ͠ੜ੒͢ Δͱ෮߸ԽͰ͖ΔΑ͏ʹͳΔ • openssl aes-256-cbc -md sha256

    -e -in secret-env-plain -out secret-env-cipher -k $KEY

  10. ϏϧυͰ͖ͨʂ

  11. ·ͱΊ OpenSSLͷόʔδϣϯҧ͍ʹ͸ؾΛ͚ͭΑ͏ʂ

  12. ͓͠·͍