ciecleci/androidのOpenSSLに気をつけよう

Ad37f739bffa0e38c8461e452cb3a489?s=47 yamacraft
October 27, 2017
Technology
0
440

 ciecleci/androidのOpenSSLに気をつけよう

2017年10月27日(金)に開催されたshibuya.apk #19にて発表した資料になります

Ad37f739bffa0e38c8461e452cb3a489?s=128

yamacraft

October 27, 2017
Tweet

More Decks by yamacraft

See All by yamacraft
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
1k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
1.5k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
2.4k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
4.1k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
3.7k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
600
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
2
1.4k
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
930
Ad37f739bffa0e38c8461e452cb3a489?s=48 yamacraft
0
300

Other Decks in Technology

See All in Technology
5b392dc79d5b6d1dab580bf60e26fb7c?s=48 nitya
0
140
D4b3dfc68675b3564c58e75cef7c9689?s=48 ryoichi_obara
0
530
8aba6de431668fc8d09977c0e33c63c1?s=48 jaguar_imo
4
970
2011382f0f10050fbb5f08e80e2bd125?s=48 akuwano
0
110
40661cda330920ea2a854566ae19bbe9?s=48 wyamazak_uhuru
0
340
C786d7772602b488a7972c38c143f61c?s=48 con_mame
3
1.8k
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
1
200
C64b68250b52ce67490c28110d622603?s=48 reireias
14
3.4k
961126d9892ae4df45249529a0721571?s=48 sugamasao
2
410
A581dece94e3a97b391d3d17b10cf084?s=48 fnario
0
110
2564c99f616f1ecfc0f617a6fe87e2a9?s=48 penguin045
0
140
Bf7fe621f4fe1615c228ef8a79b87282?s=48 shirayanagiryuji
2
110

Featured

See All Featured
Ef32e0b1ac5082450dc8c1fca3a26b5c?s=48 cherdarchuk
66
260k
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
175
14k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
5
530
5f50f94346fbcb23706f0707169317a4?s=48 aarron
254
36k
9128d500301ae51524e887bb680f471d?s=48 caitiem20
305
17k
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
12
1.3k
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
71
7k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
145
19k
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
583
200k
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
219
110k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
447
36k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
190
8.7k

Transcript

  1. circleci/androidͷ OpenSSLʹؾΛ͚ͭΑ͏ @yamacraft

  2. profile • @yamacraft (Wataru Yamada) • Mobile Application Engineer •

    LeadingMark, inc • team Y.G.E.(private) • Ұ෦دߘ → → →

  3. αϯϓϧϓϩδΣΫτ https://github.com/yamacraft/android.RequestPermissions

  4. લஔ͖ • ઌ΄ͲͷϓϩδΣΫτ͸Circle CI 1.0ͰϏϧυ͢Δ࢓૊ΈΛೖ Ε͍ͯͨ • Circle CI 2.0ͩͱϏϧυ΋ૣ͘ͳΔͱฉ͍ͨͷͰɺࢼ͠ʹରԠ

    ͯ͠ΈΑ͏ͱࢥͬͨ • ͪͳΈʹൿಗ৘ใ͸OpenSSLͰ҉߸Խͨ͠ϑΝΠϧʹೖΕͯ ͍Δʢ1.0࣌୅ʹެ͕ࣜҊ಺ͯͨ͠ํ๏Λ࠾༻ʣ • https://github.com/circleci/encrypted-files

  5. Circle CI2.0Ͱઃఆͨ͠಺༰ • image͸ެࣜͷcircleci/androidΛ࢖༻ • OpenSSLͰ҉߸Խͨ͠ϑΝΠϧΛ෮ݩ͠ɺγ εςϜͷ؀ڥม਺ʹ૊ΈࠐΉ • ͋ͱ͸./gradlew build͢Δ͚ͩ

  6. decryptͰ͖ͳ͍…

  7. Ͳ͏ͯ͠… • circleci/android(apt)ͷOpenSSL͸ 1.1.0f • mac OS(homebrew)ͷOpenSSL͸1.0.2l • 1.1.0͔Βޓ׵ੑʹͪΐͬͱ໰୊ʢ࢓༷มߋʣ ͕͋ΔΒ͍͠…

  8. ৄࡉ • OpenSSL1.1.0ͱҎલͷόʔδϣϯͱͷޓ׵ੑ • https://http2.try-and-test.net/openssl1_1_0_tips.html

  9. ͰɺͲ͏ͨ͠ͷʁ • ҉߸ԽϑΝΠϧΛ࡞Δ࣌ʹɺҰํ޲ؔ਺Λ sha256ࢦఆ͢ΔΦϓγϣϯΛࢦఆͯ͠ੜ੒͢ Δͱ෮߸ԽͰ͖ΔΑ͏ʹͳΔ • openssl aes-256-cbc -md sha256

    -e -in secret-env-plain -out secret-env-cipher -k $KEY

  10. ϏϧυͰ͖ͨʂ

  11. ·ͱΊ OpenSSLͷόʔδϣϯҧ͍ʹ͸ؾΛ͚ͭΑ͏ʂ

  12. ͓͠·͍