Dear Wowza forum,
I’m looking for third party comments and help on a specific use case - I’m directly in contact with Wowza on the subject -.
I need to encrypt recorded video files stored on disk. The use of an encrypted filesystem is not good enough for my use case.
Moreover, these encrypted files must be available for streaming.
So I think I need to customize reader/writer in Wowza to implement this strategy.
Is there a way to do this in Wowza ?
Regards,
Christophe.
Hi Christophe,
The simple way to have your files encrypted on disk is to create an encrypted filesysytem, such as TrueCrypt and other similar options. This is transparent to Wowza as it happens at the OS level.
Alternatively another simple option may be to apply a hash to the recorded assets thus making them un-streamable unless you unhashed the files with your secret key.
You mention that you don’t require that these files are made available for streaming, and so a simple extension to the above is to move them out of the streaming directory that Wowza uses. We provide example frameworks for this to move the recordings outside of the StorageDir content directory which will prevent them ever being able to be streamed, encrypted or not.
These are tools outside of Wowza that can be used for many purposes, but if it is to create unplayable streams, then unless they are decrypted (and optionally moved to the StorageDir content directory) then they should be quite safe.
Paul
Hi Paul,
The use of an encrypted disk is not good enough for us: we really need to have a business control of the video file encryption on disk and so, control it directly in our code.
Moreover, these encrypted files must be streamable by Wowza Media server. Our encryption will be normally done by aes encryption.
Please note that the use of an ecrypted filesystem is not good enough because administrators users can have an access to the unencrypted video file when logged; that’s why we required encryption management by our business code.
I think that the best solution for us would to have the possibility to provide custom FileInputStreams/FileOutputStrams to the media readers/writers in Wowza. In this way, we can control how the file is read or write on the filesystem independently of file media formats (mp4/flv/dvr formats).
Per example, provide a FileOutputStream to ILiveStreamRecord object insteadof a filepath. In the same way, provide a FileInputStream for reading.
Christophe.