Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

SRS HLS does support AES128 encryption, right? #1093

Closed
harlanc opened this issue Mar 14, 2018 · 6 comments
Closed

SRS HLS does support AES128 encryption, right? #1093

harlanc opened this issue Mar 14, 2018 · 6 comments
Assignees
@winlinvip
Labels
Feature It's a new feature. TransByAI Translated by AI/GPT.
Milestone
3.0

Comments

@harlanc
Copy link
Contributor

harlanc commented Mar 14, 2018
edited by winlinvip
Loading

nginx-rtmp-module is supported, but it seems that there is no similar option in SRS?

TRANS_BY_GPT3
@harlanc
Copy link
Contributor Author

harlanc commented Apr 6, 2018

#1109

@harlanc harlanc closed this as completed Apr 6, 2018
@winlinvip winlinvip added the Feature It's a new feature. label Jul 30, 2018
@winlinvip winlinvip added this to the srs 3.0 release milestone Jul 30, 2018
@winlinvip winlinvip reopened this Jul 30, 2018
@winlinvip
Copy link
Member

SRS3 feature

@winlinvip
Copy link
Member

winlinvip commented Aug 25, 2018
edited
Loading

You can update the key, for example:

#EXT-X-VERSION:3
#EXT-X-ALLOW-CACHE:YES
#EXT-X-MEDIA-SEQUENCE:13
#EXT-X-TARGETDURATION:15
#EXTINF:10.147, no desc
livestream-13.ts
#EXTINF:10.007, no desc
livestream-14.ts
#EXT-X-KEY:METHOD=AES-128,URI="livestream-15.key",IV=0x175D2375FEBAE7ED8E92A7E6A64F5113
#EXTINF:10.216, no desc
livestream-15.ts
#EXTINF:10.170, no desc
livestream-16.ts
#EXTINF:11.378, no desc
livestream-17.ts
#EXTINF:9.668, no desc
livestream-18.ts

So it will directly request from 15:

image

TRANS_BY_GPT3

winlinvip added a commit that referenced this issue Aug 25, 2018
@winlinvip
Fix #1093, Support HLS encryption. 3.0.42
5945fb5
@winlinvip
Copy link
Member

Merged #1109.

@winlinvip
Copy link
Member

winlinvip commented Aug 25, 2018
edited
Loading

To Use HLS enctyption:

listen              1935;
max_connections     1000;
daemon              off;
srs_log_tank        console;
http_server {
    enabled         on;
    listen          8080;
    dir             ./objs/nginx/html;
}
vhost __defaultVhost__ {
    hls {
        enabled         on;
        hls_fragment    10;
        hls_window      60;
        hls_path        ./objs/nginx/html;
        hls_m3u8_file   [app]/[stream].m3u8;
        hls_ts_file     [app]/[stream]-[seq].ts;
        hls_keys        on;
        hls_fragments_per_key 5;
        hls_key_file     [app]/[stream]-[seq].key;
        hls_key_file_path    ./objs/nginx/html;
    }
    ingest livestream {
        enabled      on;
        input {
            type    file;
            url     ./doc/source.200kbps.768x320.flv;
        }
        ffmpeg      ./objs/ffmpeg/bin/ffmpeg;
        engine {
            enabled          off;
            output          rtmp://127.0.0.1:[port]/live?vhost=[vhost]/livestream;
        }
    }
}

Play HLS with encryption in Safari: http://localhost:8080/live/livestream.m3u8

winlinvip added a commit that referenced this issue Aug 25, 2018
@winlinvip
For #1093, Refine HLS encryption wiki
1e2cca4
@bml1g12
Copy link

bml1g12 commented Jul 3, 2019
edited by winlinvip
Loading

I'm using the following config file:

listen              1935;
max_connections     1000;
daemon              off;
srs_log_tank        console;
http_server {
    enabled         on;
    listen          8080;
    dir             ./objs/nginx/html;
}
vhost __defaultVhost__ {
    hls {
        enabled         on;
        hls_fragment    10;
        hls_window      60;
        hls_path        ./objs/nginx/html;
        hls_m3u8_file   [app]/[stream].m3u8;
        hls_ts_file     [app]/[stream]-[seq].ts;
        hls_keys        on;
        hls_fragments_per_key 5;
        hls_key_file     [app]/[stream]-[seq].key;
        hls_key_file_path    ./objs/nginx/html;
    }
}

And I can access http://192.168.100.66/live/livestream.m3u8 and http://192.168.100.66/live/livestream-50.key successfully, so NGINX is working. When I load the stream in vlc ( http://0.0.0.0/live/livestream.m3u8 or http://192.168.100.66/live/livestream.m3u8 ) however the corresponding .m3u8 file seems to have the wrong path:

#EXT-X-VERSION:3
#EXT-X-ALLOW-CACHE:YES
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-TARGETDURATION:17
#EXT-X-DISCONTINUITY
#EXT-X-KEY:METHOD=AES-128,URI="./objs/nginx/htmllive/livestream-0.key",IV=0x655D870530FFA94DFE55CD152092C42A
#EXTINF:16.625, no desc
livestream-0.ts

So when I load it in VLC it looks for the non-existent path http://192.168.100.66:80/live/objs/nginx/htmllive/livestream-50.key for the key (it looks in the correct place for the .m3u8 file).

I have tried changing hls_key_file_path (e.g. to ./) but it seems to have no effect on the URI field of the .m3u8 file.

How do I configure the path auto-generated in the .m3u8 URI field?

EDIT RESOLVED: by adding hls_key_url http://0.0.0.0/;

TRANS_BY_GPT3

@winlinvip winlinvip self-assigned this Sep 12, 2021
@lck1115 lck1115 mentioned this issue Jun 24, 2023
Closed
@winlinvip winlinvip changed the title SRS HLS 切片支持AES128 加密么? SRS HLS does support AES128 encryption, right? Jul 28, 2023
@winlinvip winlinvip added the TransByAI Translated by AI/GPT. label Jul 28, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@winlinvip winlinvip

Labels
Feature It's a new feature. TransByAI Translated by AI/GPT.
Projects
None yet
Milestone
3.0
Development

No branches or pull requests
3 participants
@bml1g12 @winlinvip @harlanc