Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
SSLって必要ですか〜Let's Encryptを試してみよう
Search
sonson
May 15, 2016
Programming
3
520
SSLって必要ですか〜Let's Encryptを試してみよう
SSLの必要性,Let's Encryptのちょっとした使い方について概観する.
sonson
May 15, 2016
Tweet
Share
More Decks by sonson
See All by sonson
計算グラフのJITコンパイラをLLVM on C++で作ろう
sonsongithub
2
540
LLVMでHalideみたいな計算グラフ+JITを作りたい
sonsongithub
0
1.3k
LLVM Tutorial 02 - わいわいswiftc
sonsongithub
1
370
LLVM Tutorial - わいわいswiftc
sonsongithub
0
290
How to make and publish a Swift playground book for iPad
sonsongithub
5
19k
Swiftで実装するHTML特殊文字の高速処理
sonsongithub
3
7.6k
First step of 3D touch
sonsongithub
0
580
Getting started with 3D Touch
sonsongithub
0
670
Other Decks in Programming
See All in Programming
Jakarta EE meets AI
ivargrimstad
0
160
Duckdb-Wasmでローカルダッシュボードを作ってみた
nkforwork
0
130
Realtime API 入門
riofujimon
0
150
3 Effective Rules for Using Signals in Angular
manfredsteyer
PRO
0
120
ふかぼれ!CSSセレクターモジュール / Fukabore! CSS Selectors Module
petamoriken
0
150
聞き手から登壇者へ: RubyKaigi2024 LTでの初挑戦が 教えてくれた、可能性の星
mikik0
1
130
型付き API リクエストを実現するいくつかの手法とその選択 / Typed API Request
euxn23
8
2.3k
ActiveSupport::Notifications supporting instrumentation of Rails apps with OpenTelemetry
ymtdzzz
1
250
C++でシェーダを書く
fadis
6
4.1k
NSOutlineView何もわからん:( 前編 / I Don't Understand About NSOutlineView :( Pt. 1
usagimaru
0
340
ペアーズにおけるAmazon Bedrockを⽤いた障害対応⽀援 ⽣成AIツールの導⼊事例 @ 20241115配信AWSウェビナー登壇
fukubaka0825
6
2k
タクシーアプリ『GO』のリアルタイムデータ分析基盤における機械学習サービスの活用
mot_techtalk
4
1.5k
Featured
See All Featured
What's new in Ruby 2.0
geeforr
343
31k
How to Ace a Technical Interview
jacobian
276
23k
Scaling GitHub
holman
458
140k
The Pragmatic Product Professional
lauravandoore
31
6.3k
10 Git Anti Patterns You Should be Aware of
lemiorhan
655
59k
Building Adaptive Systems
keathley
38
2.3k
Building a Modern Day E-commerce SEO Strategy
aleyda
38
6.9k
Testing 201, or: Great Expectations
jmmastey
38
7.1k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
How GitHub (no longer) Works
holman
310
140k
Visualization
eitanlees
145
15k
Gamification - CAS2011
davidbonilla
80
5k
Transcript
͍ͬͯΔਓίʔυॻ͍͍ͯͯͩ͘͞ Tech. Yuichi Yoshida Researcher, DENSO IT Laboratory, Inc. #yidev
@sonson_twit © 2014 DENSO IT Laboratory, Inc., All rights reserved. Redistribution or public display not permitted without written permission from DENSO IT Laboratory, Inc. Let’s Encrypt~SSL~Autolayout
ࣗݾհ • sonson • twitter: sonson_twit • github: sonsongithub •
portfolio • reddift(SwiftͰॻ͍ͨreddit.comͷAPIϥούʔ) • ࣄ • ը૾ೝࣝ/ݕࡧ/ͦΕΛͬͨΞϓϦ • ػցֶशͷ͓ษڧͱ͔ॾʑͱ͔
ࠓͷ༰ • SSLͬͯඞཁͰ͔͢ʙLet’s Encrypt • AutolayoutΛ͍ͬͯΔ͕ɼԶ͏ݶք͔͠Εͳ͍
SSLͬͯඞཁͰ͔͢ʁ Let’s EncryptͰ͍͍ͷ͔ɼѱ͍ͷ͔
໔ ͜ͷൃද༰ɼ٢ా༔ҰͷݸਓతͳݟղͰ͋Γɼ ॴଐ͢ΔஂମͷެࣜతͳݟղͰ͋Γ·ͤΜɽ ·ͨຊൃද༰Λฉ͖ɼͦͷཧղʹج͍ͮͯͦͷຊਓ͕ ͱͬͨԿͳΔߦಈʹΑΔଛʹର͠ɼΛෛ͍·ͤΜɽ Ҏ্ͷ͜ͱΛཧղͰ͖ͳ͍ਓɼ͋Δ͍ड͚ೖΕΒΕͳ͍ਓ ຊൃදΛฉ͘͜ͱ͝ԕྀ͍ͩ͘͞ɽ
None
None
എܠ • iOS9Ҏ߱ɼATSಋೖ͞ΕΔ • σϑΥϧτͰͯ͢https௨৴ʹஔ͖͑ΒΕΔ • iOSͰSSLجຊཁ݅ʹͳΓͭͭ͋Δ • ࣗͰӡ༻͍ͯ͠ΔαʔόͷSSLରԠ •
sonson.jpɼgithub hostingҎ֎ͯ͢SSL • 2tchͷόοΫΤϯυ৽͍͠όʔδϣϯSSL • ͦΜͱ͖ʹ৭ʑษڧͨ͠ • ϝΠϯͷڵຯRSA҉߸ͷֶͩͬͨΜ͕ͩ
എܠ • ͖͔͚ͬ • LINE Bot API • LINE Bot
API • SSL௨৴ඞਢ • Let’s Encryptͩͱ͑ͳ͍ • AWS͔Β͑Δ • SSLͷূ໌ॻ • Կͷҧ͍͕͋Δͷʁ • ҰମɼԿͷͨΊʹඞཁͳͷʁ
SSLͷඞཁੑ • Wi-FiͷηΩϡϦςΟ • httpsͰͳ͍ͱةݥ • DNSͷηΩϡϦςΟ • ѱҙͷ͋ΔDNS •
ηΩϡΞͳDNS͕ͳ͔ͳ͔Ͱͯ͜ͳ͍ • httpͰDNS໊͚ͩͰ૬खΛ֬ೝ͢Δͷةݥ • DNSΫϥοΫʹΑΔͳΓ͢·͠
ѱҙ͋ΔDNSͷڴҖ ΫϥΠΞϯτ %/4 ۜߦ *1 χηۜߦ *1 bank.co.jp 1.1.1.1 bank.co.jp
ѱҙ͋ΔDNSͷڴҖ ΫϥΠΞϯτ ͏ͦͬ͜ %/4 ۜߦ *1 χηۜߦ *1 bank.co.jp 2.2.2.2
bank.co.jp %/4ͷਖ਼ੑΛ νΣοΫ͢Δज़͕ͳ͍
҉߸௨৴ͷ3ཁ݅ • ൿಗ • ୭ʹ౪ΈݟΒΕͳ͍ • શੑ • ୭ʹվ᜵͞Εͳ͍ •
ೝূ • ୭ʹͳΓ͢·͞Εͳ͍
ࠓͷٕज़ͷݶք • ൿಗ • ૉҼղ͕࣮࣌ؒͰղ͔Εͳ͍ݶΓ҆શ • શੑ • SHAͳͲͰ֬อͰ͖Δ •
ೝূ • ࠓͷͱ͜Ζٕज़తʹղܾͰ͖͍ͯͳ͍
ൿಗ • ެ։伴҉߸ํࣜ • RSA҉߸ • కΊΔ伴ɼ։͚Δ伴͕ҟͳΔ҉߸ํࣜ • 伴ͷૹΛղܾͨ͠ʢ͍ͯ͠ΔʣͱݴΘΕΔ •
ར༻͢Δֶ • ૉҼղ͕࣮࣌ؒͰܭࢉͰ͖ͳ͍ • ࢄର࣮࣌ؒͰܭࢉͰ͖ͳ͍
શੑ • MD5, SHA • ͋ΔσʔλͷϋογϡΛ࡞Δ • MD5ͱαΠζͷখ͍͞SHAةݥ • ϋογϡͷੑ࣭
• σʔλΛೖΕΔͱϋογϡ͕ಘΒΕΔ • ೖྗ͕গ͠ͰมΘΔͱϋογϡେ͖͘มΘΔ • σʔλΛվ᜵ͨ݁͠ՌʹରԠ͢ΔϋογϡΛ༧ଌ ͢Δ͜ͱ͍͠ • →ͭ·ΓϋογϡΛ֬ೝ͢Δͱվ᜵͞Ε͍ͯͳ͍ ͔Λ֬ೝͰ͖Δ
ೝূ • ղܾ͢ΔֶతͳΈະͩʹͳ͍
ൿಗͱશੑΛୡͯ͠ ૹ৴ऀ ड৴ऀ ҉߸Խσʔλ ൿಗ ҉߸Խ શੑ վ᜵ෆՄ ड͚औΔ૬ख͕ ୭ͳͷ͔Θ͔Βͳ͍
߈ܸऀ
߈ܸྫ: man in the middle attack(MTM) ૹ৴ऀ தؒऀ ҉߸Խσʔλ ҉߸Խ
վ᜵ෆՄ ۜߦ ҉߸Խσʔλ ೝূͷΈ͕ͳ͍ͱɼ୭ͱ௨৴͍ͯ͠Δ͔ͷ อূ͕ಘΒΕͳ͍
ݱঢ়ͷରࡦʔSSLೝূہ • ೝূہ - Certificate Authority(CA)
ݱঢ়ͷରࡦʔSSLೝূہ ΫϥΠΞϯτ %/4 ۜߦ *1 χηۜߦ *1 bank.co.jp 1.1.1.1 bank.co.jp
ೝূہ ূ໌ॻ ͦΕۜߦͷ ূ໌ॻͰ͢
ݱঢ়ͷରࡦʔSSLೝূہ ΫϥΠΞϯτ %/4 ۜߦ *1 χηۜߦ *1 bank.co.jp 2.2.2.2 bank.co.jp
ೝূہ ূ໌ॻ ͦΕͩΕʁ
OSXʹσϑΥϧτͰೖΔূ໌ॻ
ΦϨΦϨূ໌͕μϝͳཧ༝ • man in the middle attack(MTM)ͷ㕒৯ • ͱ͍͑ɼMTM͘Β͍͍ͬͯͬͯݴ͏ͳΒɼผ ʹΦϨΦϨূ໌ॻͰΑ͍ͱ͍͏͜ͱ
• ΦϨΦϨূ໌ॻͰ͋ͬͯɼͦͷ૬खͱͷ௨৴ͷൿ ಗɼશੑอͨΕΔ
ͳͥೝূ͕͍͠ͷ͔ • ʮ৴͡Δʯͱ͍͏͜ͱͷఆ͕ٛᐆດ͔ͩΒ
ೝূہͷ৴༻ੑ https://www.jp.websecurity.symantec.com/repository/faq/class.html ৴༻ੑຊͷࣾձతͳ৴༻ੑΛಘΔͷͱ ಉ͡ΈͰߏங͍ͯ͠Δ
SSLূ໌ॻʹ͍ͭͯ • ೝূͷͨΊͷΈ • ҉߸Խͱ͔ɼࠜຊతʹؔͳ͍ • ࣮ࡍͷΈ্͋Δ͕ • ͏·͘ղܾ͢Δֶ/ֶతͳΈ͕ະͩͳ͍ •
ೝূہɾূ໌ॻͷΫϥε • ೝূʹ͕͔͔ۚΔ • Let’s EncryptStartSSLʹ৴པੑ͕Γͳ͍ • VerisignͳͲͷCLASS3৴པੑ͕ߴ͍ˠՁ֨ߴ͍
Let’s Encrypt • ແྉͷSSLূ໌ॻ • ϝʔϧΞυϨεͷΈͷূ໌ • ࣗಈߋ৽ͷͨΊͷεΫϦϓτ͞Ε͍ͯΔ • https://github.com/certbot/certbot
• ߋ৽ͷͨΊͷπʔϧ͕ͪΐͬͱલʹ͔Θͬͨ
Έ • certbot͕Let’s Encryptͱ௨৴ͯ͠ূ໌ॻΛൃߦ • apacheͱnginx • ࣗಈͰূ໌ॻͷΠϯετʔϧ·ͰΔΒ͍͠ • ಈ͔ͳ͍ͬͯBBSʹ͔͋ͬͨΒͬͯͳ͍
• webroot • ಛఆͷύεΛҰ࣌తʹ͏ • letsencryptͷύεʹূ໌ॻ͕ίϐʔ͞ΕΔ • standalone • ಛఆͷϙʔτͰμΠϨΫτʹ௨৴͢ΔʢΒ͍͠ʣ • 80ͱ͔͏ͷͰҰ࣌తʹαʔόΛด͡Δඞཁ͕͋Δ • manual • ڵຯͳ͍ͷͰݟͯͳ͍
͜Μ͚ͩͰΑ͍ ./letsencrypt-auto certonly --webroot \\ -w /var/www/example/ \\ -d www.example.com
ใ • ༗ޮظݶ • 90 • Let’s EncryptӡӦ60Ͱߋ৽͢Δ͜ͱΛਪ • ੍ݶ
• ͻͱͭͷIP͔ΒൃߦͰ͖ΔυϝΠϯ • ͻͱͭͷIP͔ΒൃߦͰ͖Δূ໌ॻͷ • ੍ݶ̓͘Β͍Ͱղআ͞ΕΔ • ೝূہͱͯ͠ • iOS/Windows/OSXʹ৴༻͞Ε͍ͯΔ • ΫϥΠΞϯτʹΑͬͯ৴༻͍ͯ͠ͳ͍ͷͰཁҙ
ࢀߟจݙ • ҉߸શൠ • ݁ߒ, ҉߸ٕज़ೖ • RSA҉߸/ૉपΓ • ϚʔΧεɾσϡɾιʔτΠ,ૉͷԻָ
• ʴͦͷลͷେֶͷઌੜͷαΠτͳͲ
AutolayoutΛ͍ͬͯΔ͕ Զ͏ݶք͔͠Εͳ͍ GUIͷݶք
ݱࡏ࡞ͬͯΔΞϓϦΛྫʹ
Ϗϡʔͷ༁͜Μͳײ͡
Έͳ͞ΜɼͲ͏͍ͬͯͬͯ·͔͢ʁ • Storyboard • Storyboard + xib • ίʔυ
Storyboard ͜ΜͳෳࡶͳϏϡʔΛGUI͔Β ࡞Δͱ͔ෆՄೳ 9999 +1001 3h sonson_twit imgur.com 11 images
Just installed iOS 9.3 Beta without a developer account (iPhone 6S Plus), 3D Touch animation lag gone! Search Sketch 9:41 AM 100%
Storyboard + xib ҙຯෆ໌ த͕Θ͔Βͳ͍
ίʔυ ҙຯෆ໌ ͕ͩσβΠφ͕ ͍ͳ͍ͷͰͳΜͱ͔ͳΔ
ίʔυ ҙຯෆ໌ ͕ͩσβΠφ͕ ͍ͳ͍ͷͰͳΜͱ͔ͳΔ Θ͚ͳ͍
͜͜Ͱɼ͍ٞͨ͠ • AutolayoutɼࠓޙͲ͏͠·͔͢ʁ • Storyboard • Storyboard + xib •
ίʔυ • Ή͠ΖɼAutolayoutΘͳ͍ • έʔε • ҰਓͰझຯͰॻ͘߹ • ਓͷίʔσΟϯάɼنখ͍͞ • ҙঊ/UI/UXͷσβΠφ͍Δنͷେ͖͍
None
·ͱΊ • SSLʹ͍ͭͯͷ෮श • ऍᷟʹઆ๏Ͱ͢Έ·ͤΜ • ৴༻ʹ͓͕͔͔ۚΓ·͢ • SSL͕ԿͷͨΊʹඞཁ͔ɼৗʹߟ͑·͠ΐ͏ •
Let’s Encryptͷ͍ํʹ͍ͭͯ • Autolayout • ٧Μͩ