The Wowza Streaming Cloud™ service allows you to apply AES-128 encryption to HLS streams. This article describes how to test AES encryption by playing a media segment (.ts) file from an encrypted stream in VLC media player. If AES encryption is working correctly, VLC won't be able to play the media segment.
Note: For instructions on configuring AES-128 encryption, see Secure HLS streams with AES-128 external encryption using the Wowza Streaming Cloud REST API.
Live stream workflow
To test a stream created through the live stream workflow, do the following:
Fetch the playback URL
Fetch the HLS playback URL for the encrypted stream.
curl -X GET \
-H "wsc-api-key: ${WSC_API_KEY}" \
-H "wsc-access-key: ${WSC_ACCESS_KEY}" \
"${WSC_HOST}/api/${WSC_VERSION}/live_streams/[live_stream_id]"
This command returns live stream details, including the player_hls_playback_url.
{
"live_stream": {
"id": "abcntjvl",
"name": "MyLiveStream",
"transcoder_type": "transcoded",
"billing_mode": "pay_as_you_go",
"broadcast_location": "us_west_california",
"recording": false,
"closed_caption_type": "none",
"low_latency": false,
"encoder": "other_rtmp",
"delivery_method": "push",
"target_delivery_protocol": "hls-https",
...
"player_id": "ly4rnpyt",
"player_type": "wowza_player",
"player_responsive": true,
"player_countdown": false,
"player_embed_code": "in_progress",
"player_hls_playback_url": "https://[wowzasubdomain].wowza.com/1/abcdTnJwZEpwXYZa/aBcDeGd1/hls/live/playlist.m3u8",
...
}
}
Start the live stream
- Start your video source.
- Start the live stream.
curl -X PUT \ -H "Content-Type: application/json" \ -H "wsc-api-key: ${WSC_API_KEY}" \ -H "wsc-access-key: ${WSC_ACCESS_KEY}" \ "${WSC_HOST}/api/${WSC_VERSION}/live_streams/[live_stream_id]/start" - Fetch the state of the live stream to confirm that it’s started.
curl -X GET \ -H "wsc-api-key: ${WSC_API_KEY}" \ -H "wsc-access-key: ${WSC_ACCESS_KEY}" \ "https://api.cloud.wowza.com/api/[version]/live_streams/[live_stream_id]/state"This command returns the live stream state.
{ "live_stream": { "state": "started", "ip_address": "34.211.17.129" } }
Test a media segment file from the encrypted stream
- Use cURL to view the playlist file.
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/playlist.m3u8
The results should look something like:
#EXTM3U #EXT-X-VERSION:3 #EXT-X-KEY:METHOD=AES-128,URI="mykey" #EXT-X-STREAM-INF:BANDWIDTH=2761081,CODECS="avc1.100.31,mp4a.40.2",RESOLUTION=1280x720 ../pldjp4q7/2728/chunklist.m3u8 #EXT-X-STREAM-INF:BANDWIDTH=1900046,CODECS="avc1.77.40,mp4a.40.2",RESOLUTION=854x480 ../pldjp4q7/1728/chunklist.m3u8 #EXT-X-STREAM-INF:BANDWIDTH=1348954,CODECS="avc1.77.32,mp4a.40.2",RESOLUTION=640x360 ../pldjp4q7/1152/chunklist.m3u8 - Copy the file path for one of the chunklists and append it to the playback URL.
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/chunklist.m3u8
The results should look something like:
#EXTM3U #EXT-X-VERSION:3 #EXT-X-TARGETDURATION:11 #EXT-X-MEDIA-SEQUENCE:1 #EXT-X-KEY:METHOD=AES-128,URI="mykey #EXT-X-PROGRAM-DATE-TIME:2020-03-05T17:13:06.546Z #EXTINF:10.166, 0001lx7l/media_1.ts #EXTINF:10.133, 0001lx7l/media_2.ts #EXTINF:10.133, 0001lx7l/media_3.ts #EXTINF:10.2, - Copy the file path for one of the media segments and append it the chunklist path. Use the --output flag to download the file to your computer.
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/0001lx7l/media_2.ts --output media_2.ts - Open the media segment file in VLC media player. If the file is encrypted correctly, VLC won't be able to play it.
Transcoder workflow
To test a stream created through the transcoder workflow, do the following:
Fetch the playback URL
For streams created through the transcoder workflow, the HLS playback URL can be found by fetching the Fastly or Akamai - HLS stream target associated with the transcoder.
- Fetch a Wowza CDN on Fastly stream target:
curl -X GET \ -H "wsc-api-key: ${WSC_API_KEY}" \ -H "wsc-access-key: ${WSC_ACCESS_KEY}" \ "${WSC_HOST}/api/${WSC_VERSION}/stream_targets/fastly/[stream_target_id]"This command returns transcoder details, including the playback_url.
{ "stream_target_fastly": { "id": "abc45lfyz", "name": "My Wowza CDN on Fastly Stream Target", "state": "activated", "stream_name": "9a00105a", "playback_url": "https://[wowzasubdomain].wowza.com/1/TWhoL3BiZnJXMFhmNzZVN3JrZDAwUT09/ZmYxSXRrTERrUlk9/hls/live/playlist.m3u8", "token_auth_enabled": false, "token_auth_playlist_only": false, "geoblock_enabled": true, "geoblock_by_location": "allow", "geoblock_country_codes": "DE, US", "geoblock_ip_override": "deny", "geblock_ip_addresses": "77.12.34.567, 78.23.45.678", "force_ssl_playback": false, "created_at": "2020-03-02T20:38:31.560Z", "updated_at": "2020-03-05T11:41:38.560Z" } } - Fetch a Wowza CDN on Akamai - HLS stream target:
curl -X GET \ -H "wsc-api-key: ${WSC_API_KEY}" \ -H "wsc-access-key: ${WSC_ACCESS_KEY}" \ "${WSC_HOST}/api/${WSC_VERSION}/stream_targets/akamai/[stream_target_id]"This command returns transcoder details, including the playback_url.
{ "stream_target_akamai": { "created_at": "2020-03-02T20:38:31.559Z", "id": "ABC45lfyz", "name": "My Wowza Stream Target", "provider": "akamai_cupertino", "use_secure_ingest": false, "use_cors": false, "stream_name": "9a00105a", "primary_url": "http://post.wowzasandbox3-i.akamaihd.net/252232/9a00105a", "hls_playback_url": "https://wowzasandbox3-i.akamaihd.net/hls/live/252232/9a00105a/playlist.m3u8", "connection_code": "456fcc", "connection_code_expires_at": "2020-03-06T20:38:31.559Z", "updated_at": "2020-03-05T11:32:32.559Z" } }
Start the transcoder
- Start your video source.
- Start the transcoder.
curl -X PUT \ -H "wsc-api-key: ${WSC_API_KEY}" \ -H "wsc-access-key: ${WSC_ACCESS_KEY}" \ "${WSC_HOST}/api/${WSC_VERSION}/transcoders/[transcoder_id]/start" - Fetch the state of the transcoder to confirm that it’s started.
curl -X GET \ -H "wsc-api-key: ${WSC_API_KEY}" \ -H "wsc-access-key: ${WSC_ACCESS_KEY}" \ "https://api.cloud.wowza.com/api/[version]/transcoders/[transcoder_id]/state"This command returns the transcoder state.
{ "transcoder": { "ip_address": "1.2.3.4", "state": "started", "uptime_id": "abcd1234" } }
Test a media segment file from the encrypted stream
- Use cURL to view the playlist file.
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/playlist.m3u8
The results should look something like:
#EXTM3U #EXT-X-VERSION:3 #EXT-X-KEY:METHOD=AES-128,URI="mykey" #EXT-X-STREAM-INF:BANDWIDTH=2761081,CODECS="avc1.100.31,mp4a.40.2",RESOLUTION=1280x720 ../pldjp4q7/2728/chunklist.m3u8 #EXT-X-STREAM-INF:BANDWIDTH=1900046,CODECS="avc1.77.40,mp4a.40.2",RESOLUTION=854x480 ../pldjp4q7/1728/chunklist.m3u8 #EXT-X-STREAM-INF:BANDWIDTH=1348954,CODECS="avc1.77.32,mp4a.40.2",RESOLUTION=640x360 ../pldjp4q7/1152/chunklist.m3u8 - Copy the file path for one of the chunklists and append it to the playback URL.
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/chunklist.m3u8
The results should look something like:
#EXTM3U #EXT-X-VERSION:3 #EXT-X-TARGETDURATION:11 #EXT-X-MEDIA-SEQUENCE:1 #EXT-X-KEY:METHOD=AES-128,URI="mykey #EXT-X-PROGRAM-DATE-TIME:2020-03-05T17:13:06.546Z #EXTINF:10.166, 0001lx7l/media_1.ts #EXTINF:10.133, 0001lx7l/media_2.ts #EXTINF:10.133, 0001lx7l/media_3.ts #EXTINF:10.2, - Copy the file path for one of the media segments and append it the chunklist path. Use the --output flag to download the file to your computer.
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/0001lx7l/media_2.ts --output media_2.ts - Open the media segment file in VLC media player. If the file is encrypted correctly, VLC won't be able to play it.
