Wowza Community

HLS AES external - key rotation

With respect to the following article

https://www.wowza.com/docs/how-to-secure-apple-http-live-streaming-aes-128-external-method

is possible to implement a key or vector rotation?

Thanks,

Joe

Hello,

If you would like a rotation, Secure Token probably will be your best bet, since you can set an expiration of the token that’s generated.

Setting up Secure Token

-JasonT

With all due respect Jason, your answer is equivocal. I know about token protection, which is an entirely different technology altogether. I am enquiring about key rotation in AES encryption. This article describes the basic process

https://www.wowza.com/docs/how-to-secure-apple-http-live-streaming-aes-128-external-method

but later articles expand on this

https://www.wowza.com/docs/how-to-secure-apple-hls-streaming-using-drm-encryption

which hint at key and vector rotation.

I ask that you disambiguate.

Specifically, I am trying to rotate the key by rewriting the values in the xxxxx.key file, however the server does not pick up these new values. I have then tried to use the jconsole to see if there was a way of kicking the server to reload the amended key file but I can’t see anything related.

Thanks,

Joe

Hello,

I have looked more into this and you will need to use Server-Side API.

I have not tested this yet, although it’s in this article under “On-the-Fly PlayReady Encryption Using Server-Side API”.

https://www.wowza.com/docs/how-to-secure-apple-hls-streaming-using-drm-encryption

onHTTPCupertinoEncryptionKeyVODChunk or onHTTPCupertinoEncryptionKeyLiveChunk are called for each chunk when it’s created.

In those methods, you can set the key info.

Best,

JasonT