CDNetworks Documentation Media Acceleration Live Broadcast Product Features Secure HLS Streams with AES-128
Secure HLS Streams with AES-128
Last update:2023-08-17 15:44:06
With CDNetworks’ Media Acceleration Live Broadcast service, you can secure your HLS streams using AES-128 encryption. This article outlines the steps to configure AES-128 encryption for your HLS stream.
Encrypt HLS Stream
To encrypt your stream, start by sending a request with your stream URI, encryption key, key URL, etc., as demonstrated below.
Request Example
curl -i --url "http://ca.haplat.net/wslive/drm/manage.action?n=$username&r=$currentTimeStamp&k=$k" \
-X "POST" \
-H "Content-Type: application/json" \
-d '{
"Host":"streampull.cdnetworks.com",
"data":[
{
"Stream":"live/stream1",
"Action":"add",
"Method":"aes-128",
"Key":"123456789",
"Uri":"http://livestream-aes.com/testaeskey",
"Expire":"1850092464"
}
]
}'
Parameters and Headers
| Parameter/Header | Required | Description |
|---|---|---|
| Host | Yes | Stream pull domain. |
| n | Yes | Your account name. |
| r | Yes | A unique random string with maximum length of 13, it’s recommended to use timestamp. |
| k | Yes | MD5 authentication value. k = md5 (r + apikey), that is, to obtain the value of ‘k’, append the string apikey to the end of the string ‘r’, and then perform an MD5 calculation on the resulting string. Note: The apikey can be retrieved from the customer service. For example, 1. Request and get apikey=012f37a3f2952 2. Randomly generate string r=1409284800 3. Append the apikey to the end of ‘r’, producing the string '1409284800012f37a3f2952’ 4. Calculate the MD5 hash of the new string to obtain the value of ‘k’, which is ‘b9fed80be752551834eec3e52fa94115’ |
Request Body
The request body needs to be in JSON format. You can create a JSON object that includes the information provided below.
| Item | Required | Description |
|---|---|---|
| Stream | Yes | Application name or along with the stream name, for example, “/”, “live” and “live/livestream”. Note: Only Top-level application name is allowed. |
| Action | Yes | Actions type. Support three types of values: “add”, ”update” and “del”. |
| Method | No | Encryption algorithm, ase-128 or AES-128. |
| Key | Yes | Key value. |
| Uri | Yes | Key URL. |
| Expire | No | Key expiration date represented by a Linux timestamp in seconds, for example: 1646720000. Note that if the expiration date is not specified, the encryption key will remain valid for a maximum of 7 days. After the key expires, the streaming will no longer be encrypted. |
Error Codes
| HTTP Code | Description |
|---|---|
| 400 | Missing parameters of n, r, k or any required field in request body. |
| 403 | Incorrect k value. |
| 404 | Incorrect URI. |
| 405 | The request method is not POST. |
| 5xx | Internal server error. |
Example of response
{
"msg": true,
"code": 200,
"callTime": "2023-04-13 16:35:45"
}
Test AES Encryption
If AES encryption is functioning properly, your stream will be encrypted, preventing the player from playing back the media segment. You can verify this by following these steps:
- Copy the playback URL and paste it in the web browser address bar.
http://pullaes128.cdnetworks.com/test/a5ebdd290182100039a7236800000000/playlist.m3u8
- Save the playlist file to your computer. If the stream has been encrypted successfully, you will see a header of EXT-X-KEY in the playlist file:
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-ALLOW-CACHE:NO
#EXT-X-TARGETDURATION:4
#EXT-X-MEDIA-SEQUENCE:69
#EXT-X-KEY:METHOD=AES-128,URI="https://cloudvodtest0622.cdnetworks.com/cloudv-material/**********************",IV=0x313233343536******************
#EXTINF:3.989,
1661944371.ts?wsApp=HLS&wsMonitor=0
#EXTINF:3.968,
1661944372.ts?wsApp=HLS&wsMonitor=0
#EXTINF:3.989,
1661944373.ts?wsApp=HLS&wsMonitor=0
- Copy the path for one of the TS files. Then substitute the playlist path “playlist.m3u8” with the TS file path “1661944371.ts?wsApp=HLS&wsMonitor=0” in the playback URL. For example:
http://pullaes128.cdnetworks.com/test/a5ebdd290182100039a7236800000000/1661944371.ts?wsApp=HLS&wsMonitor=0
- Save the TS file and open it in a player. The player will not be able to play it due to the encryption.
Is the content of this document helpful to you?
Yes
I have suggestion