[Libav-user] My idea towards the digital signature authorization

Zecheng Li lzc199639 at gmail.com
Tue Feb 21 02:37:47 EET 2017


Hi, dear ffmpeg developer and user,

Good evening, I want to talk something about my idea toward putting some
functions in the digital signature authorization in the ffmpeg.

My idea in a nutshell:
1. The normal situation is: When the ffmpeg decode the video content, the
full video will become little segments, and the ffmpeg send those segments
in some sort of rtmp server, (like the nginx server) and the ffplayer got
the address of the rtmp and play the video.

2. So what if there is some hacker that know the address of your rtmp
server,( I am not talking about rtmps, I am talking about if the hacker
knows how to get into the rtmps.) and they use their ffmpeg to send a video
to your server, so there will be a mess, you will maybe play some
dangerous, sensitive or bad content.
    So my idea of this problem is:
First, generate two random digital key,  one public key, one private key.
Using RSA key algorithm (which I already did).
Second, use the private key that we have, to sign each single one of the
little segments, before they arrived the rtmp server.
Third, when it streaming, use the RSA public key to verify the segments, if
verified ok, then play, if there is one that cannot fulfill the
verification, then stop streaming.


So, I have some questions towards this, I am just a random computer science
junior student, I do this for my research, I have no experiences with this
questions.

First, where can I access the video segment file folder? Because I want to
sign them using binary sign by loop, so when I know the video-1.m4s(mp4),
so I can sign the video-100(mp4).
Second, where I should make this process smooth? In the normal situation,
the segment they were send to the server, how can I send the video segments
after signing, to the server?
Third, it seems very complicated if I want to add this functions in the
command line, for instance, I need to add a command called -sign, and
actually if I want to do all this at once, I will have a -verify function
at the same time, so, I actually don't have to do anything with the server
end, all I have to do is configure the ffmpeg? Because those command when
they send to a server, they already start streaming, right? so I cannot do
anything others in the server? or the ffplayer?

I would thank very much if some one can give me some suggestions on this,
because I have confused about this for a long time.



Regards,
Zecheng
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ffmpeg.org/pipermail/libav-user/attachments/20170220/2d9b2c1f/attachment.html>


More information about the Libav-user mailing list