Hi.
I have a VOD files where fragments (ts) encrypted with custom key (AES). Key URL is not presented inside m3u8 files, though I need to put it in manually.
Is it possible to use manual AES-key injection in the lib?
theifish
All 6 comments
yes you could override xhrLoader in config.loader, catch key URL request, and provide AES key from another mean.
mangui
on 24 Jan 2017
If someone interested, I did the trick:
- Replaced config.loader with mine code
- Catch manifest success resonse and replace EXT-X-KEY with fake url
- Catch fake key url request and response with custom key
Here is the code (sorry for coffee):
## external crypto key support start
str2ab = (str) ->
buf = new ArrayBuffer(str.length)
bufView = new Uint8Array(buf)
for ind in [0..str.length-1]
bufView[ind] = str.charCodeAt(ind)
return buf
hls.config.__loader = hls.config.loader
hls.config.loader = ->
xhrLoader = new hls.config.__loader(hls)
src = currentSource
if src && src.crypto
xhrLoader._load = xhrLoader.load
xhrLoader.load = ->
if arguments[0].url == 'crypto://decrypt'
src.crypto.key_raw = str2ab(src.crypto.key) if src.crypto.key_raw == undefined
arguments[2].onSuccess.apply(this, [
{data: src.crypto.key_raw, url: arguments[0].url},
{},
arguments[0]
])
else
if arguments[0].type == 'manifest'
onSuccess = arguments[2].onSuccess
arguments[2].onSuccess = ->
arguments[0].data = arguments[0].data.replace(/#EXT-X-KEY[^#]/gm,'#EXT-X-KEY:METHOD=' + src.crypto.method + ',URI=crypto://decrypt\n')
onSuccess.apply(this,arguments)
xhrLoader._load.apply(this, arguments)
return xhrLoader
## external crypto key support end
currentSource example:
{src: '//mydomain/video.m3u8', crypto: {method: 'AES-128', key: 'VeryVerySecretKey'}}
Looks awkwardly, but works.
theifish
on 25 Jan 2017
Do you have complete support for AES-128 playing demo?I'm trying, THX
kityun
on 31 Oct 2017
Good Answer but i have some doubt clearify.
I encrypt m3u8 throgugh ffmpeg. but it plays well but my key is not secure. it expose in hardcoded file file like https://xyz.com/info.key.
How can i secure decryption key without write on harddisk path.
Plz explain full code.
Thanks in Advance
alpatel2008
on 14 Nov 2017
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] picture](https://avatars.githubusercontent.com/in/1724?v=4&s=40)
stale[bot]
on 16 Jun 2018
Hello- We would like to use this code for our AES-128 encrypted hls.js player. We are not too experienced with js (although we have an encrypted player running now) and had some questions.
- Is crypto a js Library we have to load first?
- Where do we insert the actual key which we used to create the hls chunks in the first place? That needs to replace the EXT-X-KEY URI in the manifest (fake) and injected to the player.
- What are the variables we need to replace in the code with each new video we play? We understand src: in currentSource example, but how about VeryVerySecretKey, is that the actual key we used to encrypt the hls video chunks in the first place?
Thanks
engineer837
on 30 Dec 2018
Related issues
shalommeoded
路
3Comments
ronag
路
4Comments
bharathsn0812
路
4Comments
dan-ziv
路
4Comments
NicholasAsimov
路
3Comments
Most helpful comment
If someone interested, I did the trick:
Here is the code (sorry for coffee):
currentSource example:
{src: '//mydomain/video.m3u8', crypto: {method: 'AES-128', key: 'VeryVerySecretKey'}}Looks awkwardly, but works.