Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SRS HLS does support AES128 encryption, right? #1093

Closed
harlanc opened this issue Mar 14, 2018 · 6 comments
Closed

SRS HLS does support AES128 encryption, right? #1093

harlanc opened this issue Mar 14, 2018 · 6 comments
Assignees
@winlinvip
Labels
Feature It's a new feature. TransByAI Translated by AI/GPT.
Milestone
3.0

Comments

@harlanc
Copy link
Contributor

harlanc commented Mar 14, 2018
edited by winlinvip
Loading

nginx-rtmp-module is supported, but it seems that there is no similar option in SRS?

TRANS_BY_GPT3
@harlanc
Copy link
Contributor Author

harlanc commented Apr 6, 2018

#1109

@harlanc harlanc closed this as completed Apr 6, 2018
@winlinvip winlinvip added the Feature It's a new feature. label Jul 30, 2018
@winlinvip winlinvip added this to the srs 3.0 release milestone Jul 30, 2018
@winlinvip winlinvip reopened this Jul 30, 2018
@winlinvip
Copy link
Member

SRS3 feature

@winlinvip
Copy link
Member

winlinvip commented Aug 25, 2018
edited
Loading

You can update the key, for example:

#EXT-X-VERSION:3
#EXT-X-ALLOW-CACHE:YES
#EXT-X-MEDIA-SEQUENCE:13
#EXT-X-TARGETDURATION:15
#EXTINF:10.147, no desc
livestream-13.ts
#EXTINF:10.007, no desc
livestream-14.ts
#EXT-X-KEY:METHOD=AES-128,URI="livestream-15.key",IV=0x175D2375FEBAE7ED8E92A7E6A64F5113
#EXTINF:10.216, no desc
livestream-15.ts
#EXTINF:10.170, no desc
livestream-16.ts
#EXTINF:11.378, no desc
livestream-17.ts
#EXTINF:9.668, no desc
livestream-18.ts

So it will directly request from 15:

image

TRANS_BY_GPT3

winlinvip added a commit that referenced this issue Aug 25, 2018
@winlinvip
Fix #1093, Support HLS encryption. 3.0.42
5945fb5
@winlinvip
Copy link
Member

Merged #1109.

@winlinvip
Copy link
Member

winlinvip commented Aug 25, 2018
edited
Loading

To Use HLS enctyption:

listen              1935;
max_connections     1000;
daemon              off;
srs_log_tank        console;
http_server {
    enabled         on;
    listen          8080;
    dir             ./objs/nginx/html;
}
vhost __defaultVhost__ {
    hls {
        enabled         on;
        hls_fragment    10;
        hls_window      60;
        hls_path        ./objs/nginx/html;
        hls_m3u8_file   [app]/[stream].m3u8;
        hls_ts_file     [app]/[stream]-[seq].ts;
        hls_keys        on;
        hls_fragments_per_key 5;
        hls_key_file     [app]/[stream]-[seq].key;
        hls_key_file_path    ./objs/nginx/html;
    }
    ingest livestream {
        enabled      on;
        input {
            type    file;
            url     ./doc/source.200kbps.768x320.flv;
        }
        ffmpeg      ./objs/ffmpeg/bin/ffmpeg;
        engine {
            enabled          off;
            output          rtmp://127.0.0.1:[port]/live?vhost=[vhost]/livestream;
        }
    }
}

Play HLS with encryption in Safari: http://localhost:8080/live/livestream.m3u8

winlinvip added a commit that referenced this issue Aug 25, 2018
@winlinvip
For #1093, Refine HLS encryption wiki
1e2cca4
@bml1g12
Copy link

bml1g12 commented Jul 3, 2019
edited by winlinvip
Loading

I'm using the following config file:

listen              1935;
max_connections     1000;
daemon              off;
srs_log_tank        console;
http_server {
    enabled         on;
    listen          8080;
    dir             ./objs/nginx/html;
}
vhost __defaultVhost__ {
    hls {
        enabled         on;
        hls_fragment    10;
        hls_window      60;
        hls_path        ./objs/nginx/html;
        hls_m3u8_file   [app]/[stream].m3u8;
        hls_ts_file     [app]/[stream]-[seq].ts;
        hls_keys        on;
        hls_fragments_per_key 5;
        hls_key_file     [app]/[stream]-[seq].key;
        hls_key_file_path    ./objs/nginx/html;
    }
}

And I can access http://192.168.100.66/live/livestream.m3u8 and http://192.168.100.66/live/livestream-50.key successfully, so NGINX is working. When I load the stream in vlc ( http://0.0.0.0/live/livestream.m3u8 or http://192.168.100.66/live/livestream.m3u8 ) however the corresponding .m3u8 file seems to have the wrong path:

#EXT-X-VERSION:3
#EXT-X-ALLOW-CACHE:YES
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-TARGETDURATION:17
#EXT-X-DISCONTINUITY
#EXT-X-KEY:METHOD=AES-128,URI="./objs/nginx/htmllive/livestream-0.key",IV=0x655D870530FFA94DFE55CD152092C42A
#EXTINF:16.625, no desc
livestream-0.ts

So when I load it in VLC it looks for the non-existent path http://192.168.100.66:80/live/objs/nginx/htmllive/livestream-50.key for the key (it looks in the correct place for the .m3u8 file).

I have tried changing hls_key_file_path (e.g. to ./) but it seems to have no effect on the URI field of the .m3u8 file.

How do I configure the path auto-generated in the .m3u8 URI field?

EDIT RESOLVED: by adding hls_key_url http://0.0.0.0/;

TRANS_BY_GPT3

@winlinvip winlinvip self-assigned this Sep 12, 2021
@lck1115 lck1115 mentioned this issue Jun 24, 2023
Closed
@winlinvip winlinvip changed the title SRS HLS 切片支持AES128 加密么? SRS HLS does support AES128 encryption, right? Jul 28, 2023
@winlinvip winlinvip added the TransByAI Translated by AI/GPT. label Jul 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@winlinvip winlinvip

Labels
Feature It's a new feature. TransByAI Translated by AI/GPT.
Projects
None yet
Milestone
3.0
Development

No branches or pull requests
3 participants
@bml1g12 @winlinvip @harlanc