[FFmpeg-devel] Would a crypto file be acceptable?

Tomas Härdin git at haerdin.se
Mon Dec 26 12:58:38 EET 2022 

fre 2022-12-23 klockan 17:31 +0100 skrev Mark Gaiser:
> On Fri, Dec 23, 2022 at 12:05 PM Tomas Härdin <git at haerdin.se> wrote:
> 
> > ons 2022-12-21 klockan 16:44 +0100 skrev Mark Gaiser:
> > > Hi,
> > > 
> > > The ffmpeg crypto protocol handler [1] allows one to play
> > > encrypted
> > > media.
> > > 
> > > The great thing here is that it allows playback of any media
> > > format
> > > that
> > > ffmpeg supports!
> > > Have a container format like mkv as an encrypted blob, no problem
> > > for
> > > the
> > > crypto plugin!
> > > 
> > > I'm explicitly mentioning mkv (though there's many more) here
> > > because
> > > that
> > > isn't possible in HLS/MPD. While those streaming formats handle
> > > encryption
> > > too, they are very limited in terms of supported codecs and
> > > containers.
> > > 
> > > Playback of encrypted data works like this:
> > > ffplay encrypted_file -decryption_key $AES_KEY -decryption_iv
> > > $AES_IV
> > > 
> > > While this works just fine, it's limited in use because the
> > > cryptography
> > > details have to be passed on the command line. Applications that
> > > might well
> > > support much of ffmpeg functionality can't easily hook into the
> > > crypto
> > > functionality. Take KODI for example, it allows playback of many
> > > of
> > > the
> > > formats ffmpeg supports but anything with crypto just isn't
> > > possible.
> > > In
> > > fact, anything that requires custom command line arguments isn't
> > > possible.
> > 
> > This sounds like business logic. Fix KODI instead. Much of this can
> > also be handled by any competent OS at the filesystem layer.
> > 
> 
> Then M3U as a format is business logic too.
> HLS and MPD are business logic too.
> At least, based on your comment, they would fall into that same
> category.
> 
> The difference between those formats and my suggestion?
> M3U -> playback of very specific formats
> "crypto" -> playback of anything ffmpeg supports
> 
> M3U has a file format.
> crypto has none.
> 
> Say a hypothetical streaming service

Having to invent hypotheticals does not really help your case. The ipfs
gateway debacle is still fresh.

That we want to avoid having keys in the command line is not
unreasonable. A -keyfile argument for crypto: might be appropriate.

/Tomas

More information about the ffmpeg-devel mailing list