Wowza Community

Encrypt MPEG-DASH track separately

Hi,

How can I use different encryption key for each MPEG-DASH tracks?

For example:

  • key for audio track

  • key for video track

And even better, how to inspect the resolution of current stream so encryption key specific for HD content could be used.

I could not find a way to make it work with:

[PHP]public void onHTTPMPEGDashEncryptionKeyVODChunk(HTTPStreamerSessionMPEGDash httpSession, IHTTPStreamerMPEGDashIndex index, CencInfo cencInfo, long chunkId)[/PHP]

Best Regards,

Chaiwat

Hello Chaiwat

Currently we only support per session encryption. Please see the following for further implementation level details.

Thanks,

Matt

Hi Matt,

So per-session encryption is using the same key for both video and audio tracks, right? (I saw a single call to “onHTTPMPEGDashEncryptionKeyVODChunk” method for each session).

Do you have any plan to support different key for each track? Since Widevine provides HD, SD, and AUDIO key.

Best,

Chaiwat

Hello Chaiwat

The per track encryption is now in our backlog list. There is no timeframe for its inclusion, however.

One thing you did mention was that you’d like to inspect the resolution of the current stream such that encryption key is specific for HD content etc. Since you are defining the source stream names, you could filter on the source stream name in onHTTPMPEGDashEncryptionKeyVODChunk api event handler and provide the corresponding key by it.

Thanks,

Matt

Hi,

There is no update to this backlog feature request. I have passed on your interest. Thanks for the feedback.

Regard,

Andy_E

Any update on this issue?

Widevine is enforcing usage of different track keys for audio and video tracks (see more), so it’s more relevant now.

Widevine would like to reinforce our recommendation of using separate content keys to encrypt each video and audio track. In particular, the emphasis is on using separate content keys for each SD, HD, UHD and Audio stream.

Hi @Matt Young,

In sentence “you could filter on the source stream name in onHTTPMPEGDashEncryptionKeyVODChunk api event handler and provide the corresponding key by it”, by “source stream name”, do you mean the published stream name, like “myStream.smil”, or the source streams for each bitrate, like “myStream_720p”?

If it’s “myStream_720p”, that means we can still apply different keys for different bitrates, and therefore apply different keys for different tracks. Is this understanding correct?

Thanks,
Wendong

As mentioned by @Alexey R, using different encryption keys for SD and HD bitrate variants is a strong recommendation from Widevine. This recommendation comes from the concerns from the content provider on the security of the HD content.

If this is currently not achievable in Wowza streaming engine, for service providers with HD contents, it is a blocking issue, and it will be helpful if you can share the plan on adding this support.

Thanks,

Any response please…

By testing, we confirmed that callback

onHTTPMPEGDashEncryptionKeyLiveChunk

comes once per bitrate source (for each chunk), and by checking parameter “streamName” in the callback we can differentiate different bitrates and apply different keys. This also works for audio if you use a separate source for audio.

However, this doesn’t work for VOD as callback

onHTTPMPEGDashEncryptionKeyVODChunk

comes only once (for each chunk), and there doesn’t seem to be a way to apply different keys.