HLSDVD-4: Per Session Stream Encryption



Issue Information

Issue Type: New Feature
 
Priority: Major
Status: Open

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: HLSDVD (HLSDVD)
Resolution: Unresolved

Created: 2015-06-18 19:41:53
Time Spent Working


Description
It's not entirely necessary for the original aim of this project, but should be interesting to implement.

There should be an ability to mark a specific stream as requiring encryption. When a client first requests the manifest for that stream, a session ID and encryption key should be created (in memcache maybe?)

The manifest should then be rewritten to include

- a URL the decryption key can be obtained from (as well as the IV etc)
- Each segment reference should have a query string appended including the session ID

When a segment is requested, the session ID should be extracted and the key used to encrypt the segment on the fly before passing downstream.

The behaviour needs to be sane in terms of what happens if a session ID isn't included in the request for a segment (refuse to serve maybe?)

Also need to make sure that we don't generate a new session ID (and by extension, key) every time the manifest is re-requested.


Toggle State Changes

Activity


Although it won't currently work with Linear streams, a HLS-Stream-Creator has had a Pull Request come in implementing encryption - see HLS-17

Some of the techniques used in it may prove to be a useful reference.