I am searching for a solution to protect HLS streams with AES encryption. How should i proceed with it?
Hi Komal,
There are two ways to encrypt video delivery with AES encryption:-
-
Use simple AES-128 encryption to encrypt media files and add keyinfo into the HLS playlist. But this method is not very secure since key exchange happens on the web which makes encryption keys vulnerable, anyone with decent knowledge can intercept keys and decrypt your video.
-
Use DRM systems provided by Google, Apple, and Microsoft named Widevine, Fairplay, and Playready where you can encrypt media segments using the key provided by them. Whenever the end user plays video content, the key exchange and decryption happen at a secure hardware level and no one will be able to intercept the key. This kind of security is used by major OTT platforms like Netflix and Hotstar. 1. The only requirement for this kind of DRM system is that your content should be behind a paywall system, it is not available for public videos like TikTok and Instagram. Also, you have to go through a licensing process for it.
-
Make sure the CDN supports safe protocols and has security features in place before using it for video distribution. This covers secure token management, DDoS prevention, and HTTPS support.
You will find more on CDN here:
Is there any way to apply simple AES-128 encryption to the HLS stream with .fmp4 format using FFmpeg?
Currently, FFmpeg only supports AES-128 encryption for HLS streams with .ts format.
There are a few other tools that you can along with FFmpeg to create encrypted HLS streams. You can use FFmpeg for transcoding (generate different resolutions) and one of the following tools for packaging (converting transcoded files to HLS or DASH format).
- Shaka Packager
- Bento4
From my experience, Shaka Packager is easy to deal with compare to Bento4.