stevelaw18
Visitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2011
08:09 AM
HLS Decryption Key Retrieval
Our HLS streams are hosted by an external vendor and the playlists are encrypted using AES-128.
When the HLS player parses the EXT-X-KEY field (example below), and attempts to retrieve the key, we either need to be able to have cookies sent along with the request for the key, or be able to append additional query parameters to the URL of the request (e.g. http://somePath/generateKey?id=someId&someOtherParam=something).
Is this possible?
When the HLS player parses the EXT-X-KEY field (example below), and attempts to retrieve the key, we either need to be able to have cookies sent along with the request for the key, or be able to append additional query parameters to the URL of the request (e.g. http://somePath/generateKey?id=someId&someOtherParam=something).
EXT-X-KEY:METHOD=AES-128,URI="http://somePath/generateKey?id=someId
Is this possible?
4 REPLIES 4

RokuMarkn
Visitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2011
09:46 AM
Re: HLS Decryption Key Retrieval
Yes, you can put extra parameters in the URI field. Also, any parameters passed to the request for the m3u8 itself are inherited by the key acquisition URL (I believe this is not specified in the HLS spec but it is the way the Apple players work, so we duplicated that functionality).
Also note that there's very little security in either of these methods unless you use https rather than http, if a malefactor is sniffing your traffic.
--Mark
Also note that there's very little security in either of these methods unless you use https rather than http, if a malefactor is sniffing your traffic.
--Mark
streamingguy
Visitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2011
09:55 AM
Re: HLS Decryption Key Retrieval
Hello Mark,
Do you have any other suggestions to secure the stream? If we use HTTPS, we will not be able to get benefit from CDNs.
Thank you
Do you have any other suggestions to secure the stream? If we use HTTPS, we will not be able to get benefit from CDNs.
Thank you
stevelaw18
Visitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2011
05:22 AM
Re: HLS Decryption Key Retrieval
Thanks Mark. How about having cookies passed when the key request is made? I think I saw a previous post about using the AddHeader method of the video object. Is that correct?

RokuMarkn
Visitor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-30-2011
03:29 PM
Re: HLS Decryption Key Retrieval
There are a number of ways to retrieve the key, with varying levels of security. You (the content owner) will of course have to decide on what level of security you are comfortable with. One very secure method using client certificates is outlined in section 4.1 of the Encoding Guide and section 4.25 of the Component Reference. Other methods are possible. I believe that AddHeader on the video object will indeed cause those headers to be passed to the key URL.
--Mark
--Mark