使用 openssl 加密 Apple 的 HTTP 直播
有没有人有幸使用 openssl 获得加密流媒体以与 Apple 的 HTTP Live Streaming 一起使用?看来我已经快到了,但我的视频无法播放,但我在 Safari 中也没有收到任何错误(例如,当我获得密钥时“视频无法播放”或“您无权播放此视频”)错误的)。
#bash script:
keyFile="key.txt"
openssl rand 16 > $keyFile
hexKey=$(cat key.txt | hexdump -e '"%x"')
hexIV='0'
openssl aes-128-cbc -e -in $fileName -out $encryptedFileName -p -nosalt -iv ${hexIV} -K ${hexKey}
#my playlist file:
#EXTM3U
#EXT-X-TARGETDURATION:000020
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-KEY:METHOD=AES-128,URI="key.txt"
#EXTINF:20, no desc
test.ts.enc
#EXT-X-ENDLIST
我使用这些文档作为指南:
https://datatracker .ietf.org/doc/html/draft-pantos-http-live-streaming
Has anyone had any luck getting encrypted streaming to work with Apple's HTTP Live Streaming using openssl? It seems I'm almost there but my video doesn't play but I don't get any errors in Safari either (like "Video is unplayable" or "You don't have permission to play this video" when I got the key wrong).
#bash script:
keyFile="key.txt"
openssl rand 16 > $keyFile
hexKey=$(cat key.txt | hexdump -e '"%x"')
hexIV='0'
openssl aes-128-cbc -e -in $fileName -out $encryptedFileName -p -nosalt -iv ${hexIV} -K ${hexKey}
#my playlist file:
#EXTM3U
#EXT-X-TARGETDURATION:000020
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-KEY:METHOD=AES-128,URI="key.txt"
#EXTINF:20, no desc
test.ts.enc
#EXT-X-ENDLIST
I was using these docs as a guide:
https://datatracker.ietf.org/doc/html/draft-pantos-http-live-streaming
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
好吧,我明白了...我的 hexdump 命令是错误的。应该是:
Okay, I figured it out... My hexdump command was wrong. It should be:
如果您有超过 1 个 TS“块”,并且您正在寻找 Apple 加密管道的位精确替代品,还请记住以下几点。默认情况下,Apple 加密工具会更新每个块的 IV(初始化向量)参数,根据 Pantos 规范,这“增加了密码的强度”。
实现这个仅意味着序列号需要以十六进制编码并作为 -iv 参数传递给 openssl:
Also keep in mind the following, if you have more than 1 TS "chunk", and you're looking for a bit-exact replacement for the Apple encryption pipeline. By default, the Apple encryption tool updates the IV (initialization vector) parameter for each of the chunks, which "increases the strength of the cipher," according to the Pantos spec.
Implementing this just means that the sequence number needs to be encoded in hex and passed as the -iv parameter to openssl:
结合上述三个信息(OP、hexdump 的修复和 IV 信息)产生了一个工作解决方案 我们。即:
Combining information from three of the above (the OP, the fix for hexdump and the IV information) yielded a working solution for us. Namely:
不幸的是我没有工具来对此进行实验。看来您仔细遵循了规范。我要做的一件事是嗅探网络,确保将
key.txt文件下载到 Safari。我还会尝试使用 EXT-X-KEY 标签的 IV 属性显式选择 IV,例如Unfortunately I don't have the tools to experiment with this. It looks like you carefully followed the spec. One thing I would do is sniff the network do make sure the
key.txtfile is getting downloaded to Safari. I would also try explicitly picking the IV using the IV attribute of the EXT-X-KEY tag, e.g.