引用:https://ggicci.me/deploying-an-aes-128-encrypted-http-live-stream-hls/
HTTP Live Streaming (HLS) is an HTTP-based adaptive bitrate streaming communications protocol developed by Apple Inc. and released in 2009.
Some key points of HLS:
- Created by Apple.
- Consists of a playlist/manifest file (e.g. index.m3u8) and segment video files (e.g. index01.ts).
- H264 codec of video + AAC of audio.
- Use HTTP, easily leveraging CDN to reach the widest audience without worring about the bandwidth and firewalls.
- Adaptive streaming, enables changing the quality of the video mid-stream.
- Widely supported across devicies and platforms. PC, mobile, Web, IOS, Andorid, etc.
Preface
Let's start from an sample video, which can be downloaded from vimeo. In this post, we are going to:
- Convert the sample video from MP4 to HLS (a
.m3u8
playlist file and.ts
segment files) with AES-128 encryption method; - Serve the key files on a key server;
- Serve the HLS files on a content server;
- Test the deployment with VLC player and video.js.
🔄 Transcode (MP4 -> HLS)
The original sample video was in .mp4
format. While we need HLS files to serve with. We can use ffmpeg
to do the transcoding.
Without AES-128, we can simply run the following command:
Open sample-noaes.m3u8
with VLC player. You should see it playing well.
With AES-128, we need to firstly generate an encryption key and an optional IV (initialization vector) for the AES algorithm.
And then make a key info file having the following content:
Which is used by ffmpeg
. e.g. enc.keyinfo
:
- The first line is the URI of the key. Which will be written to m3u8 file. And the player will consult this URI for the key to decrypt the segments files while playing.
- The second line is the path to the file containg the encryption/decription key.
- The third line is an optional initialization vector.
Now then, we can feed it to ffmpeg
to do the transcoding again. But this time, we should get an encrypted version of the output:
Open sample.m3u8
with VLC. It won't play. Because VLC tried to retrieve the key file from this URI https://ksm.ggicci.me/e9672408-b38b-4465-ab47-519c554ae402/enc.key as noted in sample.m3u8
. But it failed. Since we don't have this key server ready, yet.
🔑 Start a Key Server
Let's serve our key file enc.key
on a web server and make it accessible from the URI above. Then go back to check if VLC can play this sample.m3u8
.
I recommend using Caddy to start up a web server. Which should be easy to learn. Sample site configuration in the Caddyfile:
Copy file enc.key
to our web server in the path specified by the URI. And open sample.m3u8
again. This time it should work, since the key URI became accessible.
🎞️ Start a Content Server
So far, our encryption key file has been served well on our key server. As long as we move our video content to a web server, too. We can consume our videos online with assistance of video players. We call it a Content Server.
Again, we use Caddy to achieve our goal:
Copy the playlist file and segment files to the web server. Under /sample
folder in my case. And it's now accessible at https://v.ggicci.me/sample/index.m3u8. Try open it with VLC player (Media > Open Network Stream...). It should work like a charm.
📺 Use of video.js
Now that we have set up servers to host our stream. Why not host a video player, too? Thus we can consume our videos through web browsers!
Here we will try video.js - the world's most popular open source HTML5 player framework.
With a little research on its official documentation. We can compose a test HTML like this:
Since we need to read encryption key files from ksm.ggicci.me
on v.ggicci.me
. We will meet CORS problem. Solving it by adding corresponding headers to ksm.ggicci.me
's site configurations:
Visit https://v.ggicci.me/sample to see the result. Also try it with your mobile devices :)
留言列表