On Wed, Dec 21, 2022 at 4:44 PM Mark Gaiser <mark...@gmail.com> wrote:
> Hi, > > The ffmpeg crypto protocol handler [1] allows one to play encrypted media. > > The great thing here is that it allows playback of any media format that > ffmpeg supports! > Have a container format like mkv as an encrypted blob, no problem for the > crypto plugin! > > I'm explicitly mentioning mkv (though there's many more) here because that > isn't possible in HLS/MPD. While those streaming formats handle encryption > too, they are very limited in terms of supported codecs and containers. > > Playback of encrypted data works like this: > ffplay encrypted_file -decryption_key $AES_KEY -decryption_iv $AES_IV > To amend, a more accurate example of how it currently works is this: ffplay crypto://encrypted_file -decryption_key $AES_KEY -decryption_iv $AES_IV > While this works just fine, it's limited in use because the cryptography > details have to be passed on the command line. Applications that might well > support much of ffmpeg functionality can't easily hook into the crypto > functionality. Take KODI for example, it allows playback of many of the > formats ffmpeg supports but anything with crypto just isn't possible. In > fact, anything that requires custom command line arguments isn't possible. > [2] > > My idea is to make a new file format that would be implemented and specced > within [1]. My proposed format would be: > > --- > CRYPTO-VERSION:1 > CRYPTO-KEY:URI:..... > CRYPTO-IV:URI:..... > encrypted_file > --- > > The URI would be a format type identifier where you can choose between URI > (to pass a URL to a key blob), BASE64URL (key encoded as base64url) or HEX. > > The above proposed format should be stored in a file with ".crypto" as > extension. The crypto plugin [1] would then handle that file. The arguments > would be filled based on the "properties" in the file. So for example the > `decryption_key` argument would be populated with the blob returned from > CRYPTO-KEY:URI:<url>. Or with one of the other types. > > The "encrypted_file" would just be passed through ffmpeg's > "ffurl_open_whitelist" like the crypto plugin currently does. Meaning that > the file could be anything ffmpeg supports. > > Playing encrypted media would be as simple as: > ffplay file.crypto > To amend this too. The result should be no need to provide "crypto://". The ffmpeg file format detection should detect that ".crypto" should be handled by the crypto plugin. > > With this mail I'm looking for a confirmation if the above concept would > be allowed as a patch for ffmpeg? And if not, how can I achieve the same > results in a way that would be acceptable? [3] > > Best regards, > Mark Gaiser > > [1] https://github.com/FFmpeg/FFmpeg/blob/master/libavformat/crypto.c > [2] there are plugins to make it possible but then you have the extra > requirement of a plugin > []3 No, not HLS/MPD! They serve a different purpose. Extending them to > serve my purpose is a lost goal to begin with so let's not even go there. > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".