Using openssl encryption for Apple's HTTP Live Streaming

Question

Has anyone had any luck getting encrypted streaming to work with Apple's HTTP Live Streaming using openssl? It seems I'm almost there but my video doesn't play but I don't get any errors in Safari either (like "Video is unplayable" or "You don't have permission to play this video" when I got the key wrong).

#bash script:
keyFile="key.txt"
openssl rand 16 > $keyFile
hexKey=$(cat key.txt | hexdump -e '"%x"')
hexIV='0'
openssl aes-128-cbc -e -in $fileName -out $encryptedFileName -p -nosalt -iv ${hexIV}  -K ${hexKey}


#my playlist file:
#EXTM3U
#EXT-X-TARGETDURATION:000020
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-KEY:METHOD=AES-128,URI="key.txt"
#EXTINF:20, no desc
test.ts.enc
#EXT-X-ENDLIST

I was using these docs as a guide:

http://tools.ietf.org/html/draft-pantos-http-live-streaming

Answer 1

Unfortunately I don't have the tools to experiment with this. It looks like you carefully followed the spec. One thing I would do is sniff the network do make sure the key.txt file is getting downloaded to Safari. I would also try explicitly picking the IV using the IV attribute of the EXT-X-KEY tag, e.g.

#EXT-X-KEY:METHOD=AES-128,URI="key.txt",IV=0x00000000000000000000000000000000

Answer 2

Okay, I figured it out... My hexdump command was wrong. It should be:

hexKey=$(cat key.txt | hexdump -e '16/1 "%02x"')

Answer 3

I have the same question. I can't play encrypted video on iphone, can you tell me how to download the key file and using the key file to decrypt the stream.

Answer 4

Also keep in mind the following, if you have more than 1 TS "chunk", and you're looking for a bit-exact replacement for the Apple encryption pipeline. By default, the Apple encryption tool updates the IV (initialization vector) parameter for each of the chunks, which "increases the strength of the cipher," according to the Pantos spec.

Implementing this just means that the sequence number needs to be encoded in hex and passed as the -iv parameter to openssl:

#!/bin/bash
keyFile="key.txt"
openssl rand 16 > $keyFile
hexKey=$(cat key.txt | hexdump -e '"%x"')
# hexIV='0'
for i in {0..number_of_TS_chunks}
do
    hexIV=`printf '%032x' $i`
    openssl aes-128-cbc -e -in $fileName -out $encryptedFileName -p -nosalt -iv ${hexIV} -K ${hexKey}
done

Answer 5

Combining information from three of the above (the OP, the fix for hexdump and the IV information) yielded a working solution for us. Namely:

openssl rand 16 > static.key

key_as_hex=$(cat static.key | hexdump -e '16/1 "%02x"')

for i in {0..9}; do
    init_vector=`printf '%032x' $i`
    openssl aes-128-cbc -e -in video_low_$(($i+1)).ts -out video_low_enc_$(($i+1)).ts -p -nosalt -iv $init_vector -K $key_as_hex
done

Answer 6

Hi Barry, For some reason I can NOT able to play the stream. It is throwing error. I am on ubuntu.

script :

`openssl rand 16 > static.key`

key_as_hex=$(cat static.key | hexdump -e '16/1 "%02x"') echo ${key_as_hex}

for i in {0..3}; do init_vector=printf '%032x' $i echo ${init_vector} openssl aes-128-cbc -e -in video_low_$(($i+1)).ts -out video_low_enc_$(($i+1)).ts `-p -nosalt -iv $init_vector -K $key_as_hex done

apache log: 1.2.3.1 - - [03/Sep/2010:08:54:44 -0700] "GET /test/index.m3u8 HTTP/1.1" 304 150 "-" "Apple Mac OS X v10.6.4 CoreMedia v1.0.0.10F569" 1.2.3.1 - - [03/Sep/2010:08:54:44 -0700] "GET /test/index.m3u8 HTTP/1.1" 200 609 "-" "Apple Mac OS X v10.6.4 CoreMedia v1.0.0.10F569" 1.2.3.1 - - [03/Sep/2010:08:54:44 -0700] "GET /test/static.key HTTP/1.1" 200 279 "-" "Apple Mac OS X v10.6.4 CoreMedia v1.0.0.10F569" 1.2.3.1 - - [03/Sep/2010:08:54:44 -0700] "GET /test/video_low_enc_1.ts HTTP/1.1" 200 665644 "-" "Apple Mac OS X v10.6.4 CoreMedia v1.0.0.10F569" 1.2.3.1 - - [03/Sep/2010:08:54:45 -0700] "GET /test/video_low_enc_2.ts HTTP/1.1" 200 131328 "-" "Apple Mac OS X v10.6.4 CoreMedia v1.0.0.10F569"

I am getting OSStaus error - 12971.

index.m3u8

EXTM3U

EXT-X-TARGETDURATION:3

EXT-X-MEDIA-SEQUENCE:0

EXTINF:3,

EXT-X-KEY:METHOD=AES-128,URI="http://1.2.3.77/test/static.key"

http ://1.2.3.77/test/video_low_enc_1.ts

EXTINF:3,

http ://1.2.3.77/test/video_low_enc_2.ts

EXTINF:3,

http ://1.2.3.77/test/video_low_enc_3.ts

EXTINF:3,

http ://1.2.3.77/test/video_low_enc_4.ts

EXT-X-ENDLIST

Please let me know if I am doing something wrong.

Thanks and Regards.