preface
Recently, there is a requirement to encrypt the video resources on the server and provide them for the client to play, preventing users from stealing the video.
Common encryption methods
M3u8 Slice encryption (used in this paper)
Slicing, a technique widely used by various online video streaming sites, also uses AES encryption algorithms.
Advantages: all kinds of browsers, mobile phones, small programs can be compatible, versatility is very good. Disadvantages: because it is a public algorithm, restore is also very simple, there are a lot of audio and video sniffing tools can directly download restore, encryption effect is very weak, small white can prevent, better than nothing. Anti-copy: None
File stream encryption
Use xOR or AES file stream encryption to process file data. Dynamic decryption of the corresponding data to memory and then play.
Advantages: Encryption and decryption speed is very fast. Disadvantages: must use the special player to decrypt, encryption strength is weak, professional crack personnel can write tools instant extraction. Anti-copy: Through the player, APP
Video transcoding is encrypted frame by frame
Encryption is the strongest but also the most difficult technology to implement. The software reads the internal code of the source video and converts it frame by frame to private code, usually based on H264 to private protocols (i.e., non-standard H264 algorithms).
Advantages: Due to the use of private video coding protocol, unless familiar with the internal video coding rules, otherwise no cracking or extraction is possible, high security. However, this encryption method requires high technical requirements for developers and is less used by companies. Disadvantages: you must use a dedicated player to decrypt, and the encryption process is similar to video transcoding, which requires a long encryption time. Anti-copy: Through the player, APP
Environmental requirements
VLC player
openssl
ffmpeg
The principle of
The core principle is to explain how to change a video source from normal MP4 format to encrypted M3U8 file + TS file +key key file, and then use VLC to play.
The experiment
Use OpenSSL to generate the key
Openssl rand 16 >Copy the codeFor example, openssl rand 16 > D:\ openSSL_key \encrypt.key
Generation IV
openssl rand -hex 16
Copy the codeIt generates a string, which we’ll use later
The case generated string: 10 c27a9e3fa363dfe4c44b59b67304b3
Write the keyinfo file
http://localhost:8000/encrypt.key
D:\openssl_key\encrypt.key
10c27a9e3fa363dfe4c44b59b67304b3
Copy the codeThere are three pieces of information
The first paragraph: decrypt file path, must be URI, used to decrypt the video file
The second paragraph: is the encrypted file path
Paragraph 3: The IV generated earlier
FFmpeg slices and encrypts the video
ffmpeg -y -i D:\openssl_key\test.mp4 -c:v libx264 -c:a copy -f hls -hls_time 180 -hls_list_size 0 -hls_key_info_file D:\openssl_key\enc.keyinfo -hls_playlist_type vod -hls_segment_filename D:\openssl_key\file%d.ts D:\openssl_key\playlist.m3u8
Copy the codeCommand Parameter Description
| The command parameter | explain |
|---|---|
| -y | Without confirmation, the output directly overwrites the file with the same name. |
| -c | Designated encoder |
| -c copy | Copy directly, without recoding (this is faster) |
| -i | Specify input file |
| -title | Set the title |
| -author | Set the author |
| -copyright | Set the copyright |
| -f | Force the input and output file formats to be set. By default ffMPEG determines the file format based on the file name extension |
| -hls_key_info_file | Keyinfo File path |
| -hls_time | Length of time per section of file (in seconds) |
| -hls_list_size 0 | The default maximum number of columns for an indexed playlist is 5,0 is unlimited |
| -hls_playlist_type vod | Indicates that the current video stream is not a live stream, but an on-demand stream |
| -hls_segment_filename | Output a space between the ts and m3u8 file paths, for example, D:\ openSSL_key \ file%d. TS D:\ openSSL_key \playlist.m3u8 |
%d: indicates a digit, starting from 0.
Final Execution result
The final generated file
M3u8 file
#EXTM3U #EXT-X-VERSION:3 #EXT-X-TARGETDURATION:183 #EXT-X-MEDIA-SEQUENCE:0 #EXT-X-PLAYLIST-TYPE:VOD #EXT-X-KEY:METHOD=AES-128,URI="http://localhost:8000/encrypt.key",IV=0x10c27a9e3fa363dfe4c44b59b67304b3 Ts #EXTINF:31.958333, file1.ts #EXTINF:31.958333, file1.ts # ext-x-endListCopy the codeFile content parsing
#EXTM3U M3U8 file header, must be in the first line; # ext-x-media-sequence Specifies the SEQUENCE number of the first TS fragment. This SEQUENCE number is usually 0, but in the live broadcast scenario, this SEQUENCE number identifies the starting position of the live segment. # ext-x-media-sequence :0 # ext-x-targetDuration Maximum duration of each fragment TS; # ext-x-targetDuration :10 The maximum length of each fragment is 10s # ext-x-allow-cache Whether CACHE is allowed; # ext-x-allow-cache :YES # ext-x-allow-cache :NO Default is YES # ext-x-endList M3U8 file end; #EXTINF extra info, fragment TS information, such as length, bandwidth, etc. [<title>] can be followed by other information. Before the comma is the ts duration of the current shard. The shard duration should move less than the value defined by # ext-x-targetDuration. # ext-x-version M3U8 VERSION # ext-x-Discontinuity This tag indicates that there is an interruption between the previous slice and the next slice. # ext-x-playlist-type specifies the TYPE of streaming media. # ext-x-key; # EXT - X - KEY: METHOD = AES - 128, URI = "https://priv.example.com/key.php?r=52" encryption is AES - 128, the secret KEY to request https://priv.example.com/key.php?r=52, request return stored in local;Copy the codeconclusion
This article briefly describes how to use FFmpeg to generate TS slices of video and encrypt them using AES-128.
Windows installation openssl
Windows installation ffmpeg