Wowza Community

HLS live streaming secured with HLS - Change key on the fly

Hi, I have multiple live streams on my wowza server. Streams are encrypted with AES-128. I would like to change the encryption key on the fly without resetting the stream or the application.

Is it possible and how?

Thanks guys

Hi,

It’s possible to change the encryption key on the fly when using AES-128 encryption for Apple HLS. For details please see The following article

How to secure Apple HLS streaming using DRM encryption

For key rotation with Cupertino AES-128, you must use the module APIs as discussed in the article.

For live streaming, the onHTTPCupertinoEncryptionKeyLiveChunk() API will get called for each chunk just before the chunk is created.

That is the opportunity for the module to modify the encryption settings to execute the key rotation.

At a minimum you would need to make the following calls into the encInfo container passed to the API:

encInfo.setEncUrl("http://mycompanykeyserver.com/authenticate.aspx"); 
encInfo.setEncKeyBytes(BufferUtils.decodeHexString("123456789ABCDEF123456789ABCDEF12")); 
encInfo.setEncIVBytes(BufferUtils.decodeHexString("FEDCBA9876543210FEDCBA9876543210"));

The encInfo.setEncIVBytes() call is not strictly necessary since IV bytes will be generated automatically (if not provided) based on the chunkId.

Jason