Help

Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
stevelaw18
Visitor
‎11-28-2011 08:09 AM

HLS Decryption Key Retrieval

Our HLS streams are hosted by an external vendor and the playlists are encrypted using AES-128.

When the HLS player parses the EXT-X-KEY field (example below), and attempts to retrieve the key, we either need to be able to have cookies sent along with the request for the key, or be able to append additional query parameters to the URL of the request (e.g. http://somePath/generateKey?id=someId&someOtherParam=something).

EXT-X-KEY:METHOD=AES-128,URI="http://somePath/generateKey?id=someId


Is this possible?
0 Kudos
Reply
4 REPLIES 4
RokuMarkn
Visitor
‎11-28-2011 09:46 AM

Re: HLS Decryption Key Retrieval

Yes, you can put extra parameters in the URI field. Also, any parameters passed to the request for the m3u8 itself are inherited by the key acquisition URL (I believe this is not specified in the HLS spec but it is the way the Apple players work, so we duplicated that functionality).

Also note that there's very little security in either of these methods unless you use https rather than http, if a malefactor is sniffing your traffic.

--Mark
0 Kudos
Reply
streamingguy
Visitor
‎11-28-2011 09:55 AM

Re: HLS Decryption Key Retrieval

Hello Mark,

Do you have any other suggestions to secure the stream? If we use HTTPS, we will not be able to get benefit from CDNs.

Thank you
0 Kudos
Reply
stevelaw18
Visitor
‎11-29-2011 05:22 AM

Re: HLS Decryption Key Retrieval

Thanks Mark. How about having cookies passed when the key request is made? I think I saw a previous post about using the AddHeader method of the video object. Is that correct?
0 Kudos
Reply
RokuMarkn
Visitor
‎11-30-2011 03:29 PM

Re: HLS Decryption Key Retrieval

There are a number of ways to retrieve the key, with varying levels of security. You (the content owner) will of course have to decide on what level of security you are comfortable with. One very secure method using client certificates is outlined in section 4.1 of the Encoding Guide and section 4.25 of the Component Reference. Other methods are possible. I believe that AddHeader on the video object will indeed cause those headers to be passed to the key URL.

--Mark
0 Kudos
Reply
Need Assistance?
Welcome to the Roku Community! Feel free to search our Community for answers or post your question to get help.

Become a Roku Streaming Expert!

Share your expertise, help fellow streamers, and unlock exclusive rewards as part of the Roku Community. Learn more.
Top