Actually, yes, I think it is possible: “rotating keys”. However, it is not documented yet. It is on the to-do list, but it probably will not happen until after the holidays.
Richard
I don’t have a time frame for this. Probably after the holidays, but not sure when.
Richard
Dennis,
Have you tried this test to see if AES is working?
https://www.wowza.com/docs/how-to-test-aes-encryption-for-apple-hls-streams
Does it work without AES in place?
Richard
I don’t have experience with Phonegap. Test with playlist.m3u8 URL in a HTML5 video tag, see if that works.
Richard
You have to encrypt each item in the ngrp group, but not the ngrp group itself. Test each one individually.
Richard
You’re welcome, thanks for the update
Richard
akilouise,
No, sorry, I don’t yet.
Richard
But I will ask about it tomorrow
Richard
It still needs to be documented. I don’t have a time frame for this. Check this group of articles:
https://www.wowza.com/docs/wowza-drm
It will show up there when it is published.
Richard
The steps are here:
https://www.wowza.com/docs/how-to-secure-apple-http-live-streaming-aes-128-external-method
Or you can try:
Richard
Thanks,
Richard
It has to be done for each stream in the smil. You don’t do it for the smil itself, which is just a text file the playback client uses to know what streams are available.
Richard
I think you can use the same key for each stream, as I remember in my tests.
Richard
Wowza calls the external script when the HLS session is started. If it does not respond with the key the session will not work.
Richard
Hi Iwata,
I’m not sure what the problem is. Is the .cgi script reachable?
Does streaming work? I assume that AES encryption is not working…?
Richard
Please re-start the edge, then start the origin stream, then test playback without AES encryption enabled. Then re-start again and test playback with AES encryption enabled.
Then zip up and send /conf and /logs folders to support@wowza.com
The two re-starts are important, that will make two clean tests that can be compared.
Richard
You have to use onHTTPCupertinoEncryptionKeyLiveChunk:
public void onHTTPCupertinoEncryptionKeyLiveChunk(ILiveStreamPacketizer liveStreamPacketizer, String streamName, CupertinoEncInfo encInfo, long chunkId, int mode)
{
if (streamName.equals("streamName"))
{
encInfo.setEncMethod(CupertinoEncInfo.METHOD_AES_128);
encInfo.setEncUrl("http://mycompanykeyserver.com/authenticate.aspx");
encInfo.setEncKeyBytes(BufferUtils.decodeHexString("123456789ABCDEF123456789ABCDEF12"));
encInfo.setEncIVBytes(BufferUtils.decodeHexString("FEDCBA9876543210FEDCBA9876543210"));
}
}
This is included in this HLS Encryption guide
It notes that you should not change the key with each chunk, but do it periodically during streaming.
Richard
There is nothing built-in like that, you would have to develop something. Wowza provides the hook for each chunk, you can rotate keys any way you want with that.
Richard
It is compatible. Make sure you have MediaCache working without AES, and make sure you have AES working without MediaCache. Then they should work together.
Richard
With the AES external method you also need a application server to run the .php or .aspx page that is involved. Do you need that? It doesn’t sound like it. The external method allows you to integrate with, for example, a database. If you don’t need that, if you just need easy encryption, take a look at the AES internal method which is much easier to implement.
Richard
