Wowza Community

HLS AES external - key rotation

With respect to the following article

is possible to implement a key or vector rotation?




If you would like a rotation, Secure Token probably will be your best bet, since you can set an expiration of the token that’s generated.

Setting up Secure Token


With all due respect Jason, your answer is equivocal. I know about token protection, which is an entirely different technology altogether. I am enquiring about key rotation in AES encryption. This article describes the basic process

but later articles expand on this

which hint at key and vector rotation.

I ask that you disambiguate.

Specifically, I am trying to rotate the key by rewriting the values in the xxxxx.key file, however the server does not pick up these new values. I have then tried to use the jconsole to see if there was a way of kicking the server to reload the amended key file but I can’t see anything related.




I have looked more into this and you will need to use Server-Side API.

I have not tested this yet, although it’s in this article under “On-the-Fly PlayReady Encryption Using Server-Side API”.

onHTTPCupertinoEncryptionKeyVODChunk or onHTTPCupertinoEncryptionKeyLiveChunk are called for each chunk when it’s created.

In those methods, you can set the key info.