Protected HLS using ffmpeg and openssl

Prabath Perera
Sep 4, 2018 · 2 min read

This will walk you through creating Protected/ Encrypted hls stream using ffmpeg and openssl.

ffmpeg is a complete, cross-platform solution to record, convert and stream audio and video. It includes libavcodec — the leading audio/video codec library.

openssl : The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Protected HLS : is encrypted apple hls. It’s not a complete DRM solution. In this method segment files are encrypted using AES-128 bit

Im using a ubuntu 13.10 box.

Step 1 : Install openssl and ffmpeg

apt-get install openssl ffmpeg

Step 2 : segment your video file for hls playback.

ffmpeg -i $input -vcodec libx264 -acodec libvo_aacenc -b:v 128k -flags -global_header -map 0:0 -map 0:1 -f segment -segment_time 4 -segment_list_size 0 -segment_list list.m3u8 -segment_format mpegts stream%d.ts

Here $input is input video file. This command will create a list of streamxx.ts files and list.m3u8 file. You can open this m3u8 file in a hls supported player or on a android/ios devices through a web service to confirm segments are working. (Note: segments should be on the same folder as m3u8 file)

Step 3 : encrypt the segments. Create following bash script in the same folder and execute it to encrypt segments.

#!/bin/bash

keyFile=”video.key”
openssl rand 16 > $keyFile
encryptionKey=`cat $keyFile | hexdump -e ’16/1 “%02x”‘`

splitFilePrefix=”stream”
encryptedSplitFilePrefix=”enc/${splitFilePrefix}”

numberOfTsFiles=`ls ${splitFilePrefix}*.ts | wc -l`

for (( i=1; i<$numberOfTsFiles; i++ ))
do
initializationVector=`printf ‘%032x’ $i`
openssl aes-128-cbc -e -in ${splitFilePrefix}$i.ts -out ${encryptedSplitFilePrefix}$i.ts -nosalt -iv $initializationVector -K $encryptionKey

done

This will create a ‘enc’ folder and create encrypted segments in that folder.

Step 4 : move/copy video.key and list.m3u8 to enc folder and modify the list.m3u8 as follow (use gedit or notepad),

#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-ALLOW-CACHE:YES
#EXT-X-KEY:METHOD=AES-128,URI=”video.key”
#EXT-X-TARGETDURATION:9

Just insert the bold line and leave the rest as it is.

All done, now simply open the m3u8 file using a supported player or iphone/android device. I tested this successfully on Android 4.3+ and iOS 9+. Good Luck.

Feel free to ask any questions you have


Originally published at dryize.wordpress.com.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade