HLSDVD-4: Per Session Stream Encryption

Issue Information

Issue Type: New Feature
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Resolution: Won't Fix (2019-09-09 15:59:53)

Created: 2015-06-18 19:41:53
Time Spent Working

It's not entirely necessary for the original aim of this project, but should be interesting to implement.

There should be an ability to mark a specific stream as requiring encryption. When a client first requests the manifest for that stream, a session ID and encryption key should be created (in memcache maybe?)

The manifest should then be rewritten to include

- a URL the decryption key can be obtained from (as well as the IV etc)
- Each segment reference should have a query string appended including the session ID

When a segment is requested, the session ID should be extracted and the key used to encrypt the segment on the fly before passing downstream.

The behaviour needs to be sane in terms of what happens if a session ID isn't included in the request for a segment (refuse to serve maybe?)

Also need to make sure that we don't generate a new session ID (and by extension, key) every time the manifest is re-requested.

Toggle State Changes


Although it won't currently work with Linear streams, a HLS-Stream-Creator has had a Pull Request come in implementing encryption - see HLS-17

Some of the techniques used in it may prove to be a useful reference.
Bulk Change

Realistically, if I wanted to restart work on this, I'd probably start from scratch, so marking as Won't Fix
btasker changed status from 'Open' to 'Closed'
btasker added 'Won't Fix' to resolution