-
Notifications
You must be signed in to change notification settings - Fork 639
HLS AES Encryption
HLS AES encryption refers to video streaming using HLS protocol where the video files are encrypted by using AES-128 algorithms. There are many types of encryption algorithms, the most commonly used method for HLS is AES-128.
Advanced Encryption Standard (AES) is a block cipher that encrypts and decrypts data in 128-bit blocks. As AES is a symmetric key algorithm, there needs to be a secret key that’s used for both encryption and decryption. That means the broadcaster encrypts the video using the key and the viewer’s browser decrypts it using the same key.
Ant Media Server uses external key_info_file
URL for segment encryption. The first line of key_info_file
specifies the key URI written to the playlist. The key URL is used to access the encryption key during playback. The second line specifies the path to the key file used to obtain the key during the encryption process. The key file is read as a single packed array of 16 octets in binary format. The optional third line specifies the initialization vector (IV) as a hexadecimal string to be used instead of the segment sequence number (default) for encryption. Changes to key_info_file will result in segment encryption with the new key/IV and an entry in the playlist for the new key URI/IV if hls_flags periodic_rekey is enabled.
Key info file format:
key URI
key file path
IV (optional)
Example key URIs:
http://server/file.key
/path/to/file.key
file.key
Example key file paths:
file.key
/path/to/file.key
Example IV:
0123456789ABCDEF0123456789ABCDEF
Key info file example:
http://server/file.key
/path/to/file.key
0123456789ABCDEF0123456789ABCDEF
Firstly, you need to add settings.hlsEncryptionKeyInfoFile
parameter into your application’s configuration file. Let’s assume that you’ve already running Ant Media Server v2.4+ on your server then we’re going to use WebRTCAppEE for enabling HLS AES Encryption.
- Open the following file with your favorite editor
/usr/local/antmedia/webapps/WebRTCAppEE/WEB-INF/red5-web.properties
- Add AES Encryption URI Path by following property to the file above
settings.hlsEncryptionKeyInfoFile={FULL_PATH_OF_DIRECTORY}/hls_aes.keyinfo
For example:
settings.hlsEncryptionKeyInfoFile=https://gist.githubusercontent.com/SelimEmre/0256120ad418e9f3184160da63977f99/raw/37f4ea5f161d89b6d05555b0421945e3237499a0/hls_aes.keyinfo
- Restart the Ant Media Server
sudo service antmedia restart
- Publish any stream and check
<AMS-FOLDER>/webapps/WebRTCAppEE/streams/streamId.m3u8
file. You should seeEXT-X-KEY
parameters as below:
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:2
#EXT-X-MEDIA-SEQUENCE:16
#EXT-X-KEY:METHOD=AES-128,URI="keypathURI/hls_aes.key",IV=0x00000000000000000000000000000000
#EXTINF:1,970000,
streamId_0p0016.ts
#EXTINF:2,010000,
streamId_0p0017.ts
#EXTINF:2,050000,
streamId_0p0018.ts
#EXTINF:1,970000,
streamId_0p0019.ts
#EXTINF:2,090000,
streamId_0p0020.ts
- Introduction
- Quick Start
- Installation
- Publishing Live Streams
- Playing Live Streams
- Conference Call
- Peer to Peer Call
- Adaptive Bitrate(Multi-Bitrate) Streaming
- Data Channel
- Video on Demand Streaming
- Simulcasting to Social Media Channels
- Clustering & Scaling
- Monitor Ant Media Servers with Apache Kafka and Grafana
- WebRTC SDKs
- Security
- Integration with your Project
- Advanced
- WebRTC Load Testing
- TURN Servers
- AWS Wavelength Deployment
- Multi-Tenancy Support
- Monitor Ant Media Server with Datadog
- Clustering in Alibaba
- Playlist
- Kubernetes
- Time based One Time Password
- Kubernetes Autoscaling
- Kubernetes Ingress
- How to Install Ant Media Server on EKS
- Release Tests
- Spaceport Volumetric Video
- WebRTC Viewers Info
- Webhook Authentication for Publishing Streams
- Recording Streams
- How to Update Ant Media Server with Cloudformation
- How to Install Ant Media Server on GKE
- Ant Media Server on Docker Swarm
- Developer Quick Start
- Recording HLS, MP4 and how to recover
- Re-streaming update
- Git Branching
- UML Diagrams