Protected HLS using ffmpeg and openssl
This will walk you through creating Protected/ Encrypted hls stream using ffmpeg and openssl.
ffmpeg is a complete, cross-platform solution to record, convert and stream audio and video. It includes libavcodec — the leading audio/video codec library.
openssl : The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
Protected HLS : is encrypted apple hls. It’s not a complete DRM solution. In this method segment files are encrypted using AES-128 bit
Im using a ubuntu 13.10 box.
Step 1 : Install openssl and ffmpeg
apt-get install openssl ffmpeg
Step 2 : segment your video file for hls playback.
ffmpeg -i $input -vcodec libx264 -acodec libvo_aacenc -b:v 128k -flags -global_header -map 0:0 -map 0:1 -f segment -segment_time 4 -segment_list_size 0 -segment_list list.m3u8 -segment_format mpegts stream%d.ts
Here $input is input video file. This command will create a list of streamxx.ts files and list.m3u8 file. You can open this m3u8 file in a hls supported player or on a android/ios devices through a web service to confirm segments are working. (Note: segments should be on the same folder as m3u8 file)
Step 3 : encrypt the segments. Create following bash script in the same folder and execute it to encrypt segments.
#!/bin/bash
keyFile=”video.key”
openssl rand 16 > $keyFile
encryptionKey=`cat $keyFile | hexdump -e ’16/1 “%02x”‘`splitFilePrefix=”stream”
encryptedSplitFilePrefix=”enc/${splitFilePrefix}”numberOfTsFiles=`ls ${splitFilePrefix}*.ts | wc -l`
for (( i=1; i<$numberOfTsFiles; i++ ))
do
initializationVector=`printf ‘%032x’ $i`
openssl aes-128-cbc -e -in ${splitFilePrefix}$i.ts -out ${encryptedSplitFilePrefix}$i.ts -nosalt -iv $initializationVector -K $encryptionKeydone
This will create a ‘enc’ folder and create encrypted segments in that folder.
Step 4 : move/copy video.key and list.m3u8 to enc folder and modify the list.m3u8 as follow (use gedit or notepad),
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-ALLOW-CACHE:YES
#EXT-X-KEY:METHOD=AES-128,URI=”video.key”
#EXT-X-TARGETDURATION:9
Just insert the bold line and leave the rest as it is.
All done, now simply open the m3u8 file using a supported player or iphone/android device. I tested this successfully on Android 4.3+ and iOS 9+. Good Luck.
Feel free to ask any questions you have
Originally published at dryize.wordpress.com.
