Important: You must use the secure RTMPE protocol with SecureToken when connecting to Wowza Media Server to fully protect content from the latest "Leech" programs:
RTMPE network encryption security in Wowza Media Server 3.1.2 (and earlier) is provided as an AddOn to Wowza Media Server 3.5. You must install this AddOn if you're running Wowza Media Server 3.5. For more information, see How to get Wowza RTMPE AddOn.
Note: Wowza Media Server 2.0 or later is required.
SecureToken is a challenge/response-based security system that, when used in conjunction with RTMPE/RTMPTE, provides a high level of content protection against spoofing threats. Each connection is protected by a random single-use key and a password (shared secret).
The way SecureToken works is that when a client connects to Wowza Media Server, the provided custom module generates a unique key for the pending connection. The generated key is encrypted using a shared secret and is returned as part of the NetConnection.onStatus info object. The client decrypts the unique key using the same shared secret and sends the result back to the custom module. The server then compares this key to the originally generated key. The connection is aborted if the values don't match.
- Download and install Wowza Media Server.
- If you're running Wowza Media Server 3.1.2 or earlier, download the MediaSecurity Addon and copy the file wms-plugin-security.jar from the package /lib folder to the Wowza Media Server installation folder [install-dir]/lib. If you're running Wowza Media Server 3.5 or later, skip this step.
- Create a Wowza Media Server application to use with SecureToken [secureApplication]. For example, to name the application "vod", create the following folders:
- Copy [install-dir]/conf/Application.xml to [install-dir]/conf/vod.
- Open the newly copied [install-dir]/conf/vod/Application.xml file in a text editor and add the ModuleSecureToken module to the bottom of the <Modules> container. Make sure it's above the closing </Modules> tag.
Wowza Media Server 3.5
<Module> <Name>ModuleSecureToken</Name> <Description>ModuleSecureToken</Description> <Class>com.wowza.wms.security.ModuleSecureToken</Class> </Module>
<Module> <Name>ModuleSecureToken</Name> <Description>ModuleSecureToken</Description> <Class>com.wowza.wms.plugin.security.ModuleSecureToken</Class> </Module>
- Add the secureTokenSharedSecret property to the <Properties> container at the bottom of the Application.xml file.
<Property> <Name>secureTokenSharedSecret</Name> <Value>#ed%h0#w@1</Value> </Property>
- Restart Wowza Media Server.
- Download the JW Player 4.1 for Flash source code. JW Player is commercial software.
- Edit [jw-source-code]/com/jeroenwijering/models/RTMPModel.as to change the secure token value (around line 186):
- Open [jw-source-code]/player.fla in Adobe Flash CS3 and select File: Publish to generate a new [jw-source-code]/player.swf file.
- Edit [jw-source-code]/readme.html and change the flashvars param in the script section (around line 60):
<param name="flashvars" value="file=video.flv&image=preview.jpg" />
<param name="flashvars" value="streamer=RTMPE://[wowza-ip-address]/securetoken&file=sample.mp4"/>
Updating the Shared Secret
After you have the above working with the example shared secret, do the following to update the shared secret to your own value:
- Open [install-dir]/conf/vod/Application.xml in a text editor and change the secureTokenSharedSecret property to the new value.
- Restart Wowza Media Server.
- Edit [jw-source-code]/com/jeroenwijering/models/RTMPModel.as to change the string passed to the secureTokenResponse callback to the same value as above, and then use Flash CS3 to republish the player.swf file.
- Click here, if you are having problems or would like to discuss this article.
- Leave a comment below, if there is some aspect of this article you would like to see changed or improved.