Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ciecleci/androidのOpenSSLに気をつけよう

Ad37f739bffa0e38c8461e452cb3a489?s=47 yamacraft
October 27, 2017
Technology
0
490

 ciecleci/androidのOpenSSLに気をつけよう

2017年10月27日(金)に開催されたshibuya.apk #19にて発表した資料になります

Ad37f739bffa0e38c8461e452cb3a489?s=128

yamacraft

October 27, 2017
Tweet

More Decks by yamacraft

See All by yamacraft
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
1.5k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
1.7k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
3k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
4.3k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
4k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
690
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
1.5k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
980
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
380

Other Decks in Technology

See All in Technology
6d161fe47f36ac295189c3b6a0db2a9a?s=48 masahirokawahara
3
3.5k
098ad475722e3697ec2fba28c8654f9f?s=48 yuhta28
1
1.3k
B90a63f11581d1f064348e90ac2c9759?s=48 puremoru
1
120
4b2f3a64637b51e81813accbe8a98083?s=48 miura55
0
480
Cdf97a1b1b132c56582773c3ba09a3a6?s=48 rakus_dev
0
290
Cdf97a1b1b132c56582773c3ba09a3a6?s=48 rakus_dev
0
300
61cd8af33de206c39c875e3321e9c225?s=48 pineapplecandy
0
110
140494d272a4d89883a94fdfdb29dea2?s=48 oracle4engineer
PRO
10
13k
D18583cc111c111c775f8da7c5b2ff52?s=48 orimanabu
1
390
8284465a94bbdf1ea82cf1a67d55f447?s=48 kilometer
0
550
B3d3a2cce932eca144b8c13a63966404?s=48 alblue
2
450
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
0
120

Featured

See All Featured
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
224
120k
2f5463832ccb768ccb4a1ca3607c27ef?s=48 jacobian
264
20k
A16eb159db895e3b01d3dc95767ad595?s=48 jonyablonski
40
2k
F29327647a9cff5c69618bae420792ea?s=48 tenderlove
58
4k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
14
1.2k
Ecdea9b9714877b86cee08458f085481?s=48 trallard
27
1.3k
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
30
5.4k
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
172
8k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
195
9.1k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
86
8.3k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
71
3.2k
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
6
1k

Transcript

  1. circleci/androidͷ OpenSSLʹؾΛ͚ͭΑ͏ @yamacraft

  2. profile • @yamacraft (Wataru Yamada) • Mobile Application Engineer •

    LeadingMark, inc • team Y.G.E.(private) • Ұ෦دߘ → → →

  3. αϯϓϧϓϩδΣΫτ https://github.com/yamacraft/android.RequestPermissions

  4. લஔ͖ • ઌ΄ͲͷϓϩδΣΫτ͸Circle CI 1.0ͰϏϧυ͢Δ࢓૊ΈΛೖ Ε͍ͯͨ • Circle CI 2.0ͩͱϏϧυ΋ૣ͘ͳΔͱฉ͍ͨͷͰɺࢼ͠ʹରԠ

    ͯ͠ΈΑ͏ͱࢥͬͨ • ͪͳΈʹൿಗ৘ใ͸OpenSSLͰ҉߸Խͨ͠ϑΝΠϧʹೖΕͯ ͍Δʢ1.0࣌୅ʹެ͕ࣜҊ಺ͯͨ͠ํ๏Λ࠾༻ʣ • https://github.com/circleci/encrypted-files

  5. Circle CI2.0Ͱઃఆͨ͠಺༰ • image͸ެࣜͷcircleci/androidΛ࢖༻ • OpenSSLͰ҉߸Խͨ͠ϑΝΠϧΛ෮ݩ͠ɺγ εςϜͷ؀ڥม਺ʹ૊ΈࠐΉ • ͋ͱ͸./gradlew build͢Δ͚ͩ

  6. decryptͰ͖ͳ͍…

  7. Ͳ͏ͯ͠… • circleci/android(apt)ͷOpenSSL͸ 1.1.0f • mac OS(homebrew)ͷOpenSSL͸1.0.2l • 1.1.0͔Βޓ׵ੑʹͪΐͬͱ໰୊ʢ࢓༷มߋʣ ͕͋ΔΒ͍͠…

  8. ৄࡉ • OpenSSL1.1.0ͱҎલͷόʔδϣϯͱͷޓ׵ੑ • https://http2.try-and-test.net/openssl1_1_0_tips.html

  9. ͰɺͲ͏ͨ͠ͷʁ • ҉߸ԽϑΝΠϧΛ࡞Δ࣌ʹɺҰํ޲ؔ਺Λ sha256ࢦఆ͢ΔΦϓγϣϯΛࢦఆͯ͠ੜ੒͢ Δͱ෮߸ԽͰ͖ΔΑ͏ʹͳΔ • openssl aes-256-cbc -md sha256

    -e -in secret-env-plain -out secret-env-cipher -k $KEY

  10. ϏϧυͰ͖ͨʂ

  11. ·ͱΊ OpenSSLͷόʔδϣϯҧ͍ʹ͸ؾΛ͚ͭΑ͏ʂ

  12. ͓͠·͍