[FFmpeg-user] HTTP live streaming with aes encrpytion

Luke l1 at newanswertech.com
Wed Jun 18 10:37:13 CEST 2014 

On Wed, 18 Jun 2014, 陈晨 wrote:

>    I'm new to ffmpeg, i got a problem in hls.I want to convert a video
> like mp4 format, to a m3u8 list and a couple of ts file, meanwhile, i want
> to encrypt the hls file in m3u8 with aes.
>    There really is a way to do that , like this
> <http://dryize.wordpress.com/2014/04/02/protected-hls-using-ffmpeg-and-openssl/>.But
> it's so complicated.
>    So, i wonder if ffmpeg have the way to achieve that, or i should just
> the way above.

It's not particularly complicated once encapsulated.  He's using a script to do 
all of the hard work, but he could have done even more with the script.

Basically, you can automate the entire process, probably with something like 
the below.  Put it in a file called makemystream or something like that, change 
the mode to executable, and run with:

makemystream video.mp4 foldername

Where video.mp4 is the video you want to send via HLS, and foldername is the 
name of the folder where you want the playlist and segment files to go.

This is mostly untested, and is just a cleaned up and expanded version of the 
script in the article.  If his encryption doesn't work, neither does this.  But 
it's a start.

#!/bin/bash

# Be warned!!! there is an "rm -r" at the end of this script.  I do not guarantee anything, in particular that (mis)use won't damage something important.
# Use at your own risk!
# Copyright public domain
# Derived from: http://dryize.wordpress.com/2014/04/02/protected-hls-using-ffmpeg-and-openssl/

set -e     # Exit on errors

keyFile='video.key'
vidFile="$1"
playList='list.m3u8'    # Must end with .m3u8!
splitFilePrefix='stream'

# Only run if the video file is readable and is not an irregular file
if [ -f "$vidFile" -a -r "$vidFile" ]; then
# Whole rest of program runs in this if; exits 2 at the end if the above fails.

# If folder exists, add it to our paths
if [ -d "$2" ]; then
outDir="$2"
else    # Try to make the directory
mkdir "$2" || exit 1
outDir="$2"
fi

tempDir="$outDir/.$$_tmp"
keyFile="$outDir/$keyFile"

mkdir $tempDir    # It is deleted later

# Stuff from the original script

openssl rand 16 > $keyFile
# I'm not sure if I have the quoting right on this. If not, try removing the double quotes in the middle.
encryptionKey=`cat $keyFile | hexdump -e '16/1 "%02x"'`

# Here's where I run ffmpeg
ffmpeg -i "$vidFile" -vcodec libx264 -acodec libvo_aacenc -b:v 128k -flags \
-global_header -map 0:0 -map 0:1 -f segment -segment_time 4 -segment_list_size 0 \
-segment_list "$tempDir/$playList" -segment_format mpegts "$tempDir/$splitFilePrefix"%d.ts
# N.B. I question some of those parameters, such as segment_time, but this is not my command.
# I also had to use libfdk_aac instead of libvo_aacenc
# I thought m3u8 playlists needed full URLs, but he doesn't include them.

numberOfTsFiles=`ls "$tempDir/$splitFilePrefix"*.ts | wc -l`

for (( i=1; i<$numberOfTsFiles; i++ ))
do
initializationVector=`printf '%032x' $i`
openssl aes-128-cbc -e -in "$tempDir/$splitFilePrefix"$i.ts \
-out "$outDir/$splitFilePrefix"$i.ts -nosalt -iv $initializationVector -K $encryptionKey
done

# Write something to the middle of the head of the playlist
{
head -4 "$tempDir/$playList"
echo '#EXT-X-KEY:METHOD=AES-128,URI='"$keyFile"
echo '#EXT-X-TARGETDURATION:9'
egrep "$tempDir/$playList" -vie '#EXT-X-TARGETDURATION:' \
| tail -n +5
} > "$outDir/$playList"

# Get rid of the unencrypted files and unmodified playlist
rm -r "$tempDir"

# Close the opening if
else exit 2
fi

More information about the ffmpeg-user mailing list