Hi All,
Just wanted to know, is it possible to deploy Apple HLS encryption on wowza server?
If yes, can somebody point me the thread…
Thanks
Thank you for the reply.
Follow the AES guide for each item in the smil, replacing "myStream.sdp" with your actual stream name
what this means? there is no guide to smil and aes setup, if there please point out, i am kinda newbie here (also non technical background), so it would be greatfull if you elaborate (with an example 
)
So in my case it would be ‘livestream1’ or ‘livestream2’ or ‘adaptiveStreaming’ ? also, the playback url will not change for the ipad/iphone right?
My question was, why those php or any other code is required?, the reason i am asking is i couldn’t understand the flow to set up AES.
Thanks for the reply.
I have looked at the internal method, it requires some compiling and all, can we get any ready made module? ( i am not sure of compiling… 
)
Yes it is possible.
You would need the MediaSecurity Addon: https://www.wowza.com/docs/media-security-overview
There is nothing special to do. The streams are encrypted not the smil file
Richard
There are two methods:
https://www.wowza.com/docs/how-to-secure-apple-http-live-streaming-aes-128-external-method)
Either method will encrypt the streams, but the smil file is same
Richard
Follow the AES guide for each item in the smil, replacing “myStream.sdp” with your actual stream name.
PHP and .Net examples are shown, you are not limited to those, feel free to use JSP, python, perl, whatever you are comfortable with.
Richard
You are encrypting each stream: livestream1 and livestream2 in your example. The smil will not change, it stays the same.
The “external” method uses a server page, that’s how it works. The internal method does not use a server page. Use that if you are uncomfortable with php, etc:
Richard
I added the internal method to the Wowza Modules Collection. Review the guide, I made a couple of changes and linked to the collection zip
Richard
Right, if you are able to download and play one of the .ts files in VLC, then it is not encrypted, the AES test.
Make sure you re-started Wowza after adding collection jar. Check the access and error logs for a clue. It is helpful to run Wowza in stand-alone (/bin/startup.bat) when testing so you can see logging.
Richard
We have this guide:
https://www.wowza.com/docs/how-to-request-an-ssl-certificate-from-a-certificate-authority
Richard
Thank you for the reply.
Suppose i have 2 streams coming from adobe fmle (on livestream1, livestream2), and i have HLS working on wowza using the smil file.
Now, how can i deploy apple hls encryption (128 AES) on wowza, i don’t see any specific info related to this on the module link you have provided ( i did referred WowzaMediaServerMediaSecurity_UsersGuide.pdf - but couldn’t get the proper info).
Can anybody be more specifc on what changes to be done on the wowza server to make the existing working hls (using smil file) streaming to be added with AES 128 encryption.
Thanks.
Thank you for the reply.
Can anybody reply with a working example on how to setup? (which section in the document to be deployed to up with apple streaming with encryption), and playing that on ipad/iphone.
Thanks.
Thanks for the reply.
I am receiving 2 streams from mac min with different bitates as livestream1, livestream2. I have created smil file called livestream.smil on the content folder, adptiveStreaming on conf folder, and livestream.smil file has 2 entries like this,
<video src="livestream1" system-bitrate="500000"/>
<video src="livestream2" system-bitrate="300000"/>
Hence
http://my_ip:1935/adptiveStreaming/smil:livestream.smil/playlist.m3u8
plays the stream successfully on my iphone/ipad.
Now, i need to add encryption to them, and referred 2 links provided by Richard,
Which is better? I thought external method. So started configuring the same.
Got stuck here, what should be the command in my case to generate the keygen?
document says
genkey.bat iphone myStream.sdp https://mycompany.com/myStream.php
, since i have adaptiveStreaming as conf, application folder.
Also do i need to use the php or any other code listed there? i mean why is those required? Any changes to the existing playback url need if this is deployed?
Please share your thoughts.
Thanks.
Thanks for the reply.
This works great, what i observe is, after downloading the first playlist which has the links to the different bitrate urls, i downloaded the first url in it (which has some x bitrate), and that url gave me another playlist which has key as well as files. Without appending the key to the urls, i am able to download the ts files and it plays.
Any idea where it went wrong?
First url
http://myip:1935/streaming/smil:livestream.smil/playlist.m3u8
gave me
#EXTM3U
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=500000
http://192.168.1.123:1935/streaming/_definst_/livestream1/playlist.m3u8?wowzasessionid=900774545
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=300000
http://192.168.1.123:1935/streaming/_definst_/livestream2/playlist.m3u8?wowzasessionid=900774545
then i tried
http://192.168.1.123:1935/streaming/_definst_/livestream1/playlist.m3u8?wowzasessionid=900774545
to download, and it gave me
#EXTM3U
#EXT-X-ALLOW-CACHE:NO
#EXT-X-TARGETDURATION:10
#EXT-X-MEDIA-SEQUENCE:6131
#EXT-X-KEY:METHOD=AES-128,URI="http://192.168.1.123:1935/streaming/_definst_/livestream1/key.m3u8key?wowzasessionid=1386962709"
#EXTINF:4,
media_6131.ts?wowzasessionid=1386962709
#EXTINF:9,
media_6132.ts?wowzasessionid=1386962709
#EXTINF:10,
media_6133.ts?wowzasessionid=138696270
without appending the key or anything, when i tried direct URL, i am able to play the ts files, on the url
http://192.168.1.123:1935/streaming/_definst_/livestream1/media_6131.ts
does this means streams are not encrypted?
Thanks
Thanks for the reply.
Yes. Now i am not able to play the file using VLC. "AES encryption using WOWZA is working "
Now to play the encrypted stream using VLC, i found out these steps :-
- Download the wowza URL (playlist)
$> wget http://192.168.1.123:1935/adaptiveStreaming/smil:livestream.smil/playlist.m3u8
- Display the contents of the file
$> cat playlist.m3u8
#EXTM3U
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=500000
http://192.168.1.123:1935/adaptiveStreaming/_definst_/livestream1/playlist.m3u8?wowzasessionid=670450403
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=300000
http://192.168.1.123:1935/adaptiveStreaming/_definst_/livestream2/playlist.m3u8?wowzasessionid=670450403
- Download the first/second playlist url
$> wget http://192.168.1.123:1935/adaptiveStreaming/_definst_/livestream1/playlist.m3u8?wowzasessionid=670450403
- Display the contents
$> cat playlist.m3u8?wowzasessionid=670450403
#EXTM3U
#EXT-X-ALLOW-CACHE:NO
#EXT-X-TARGETDURATION:10
#EXT-X-MEDIA-SEQUENCE:95
#EXT-X-KEY:METHOD=AES-128,URI="http://192.168.1.123:1935/adaptiveStreaming/_definst_/livestream1/key.m3u8key?wowzasessionid=670450403"
#EXTINF:9,
media_95.ts?wowzasessionid=670450403
#EXTINF:9,
media_96.ts?wowzasessionid=670450403
#EXTINF:9,
media_97.ts?wowzasessionid=670450403
- wget the key URL
$> wget http://192.168.1.123:1935/adaptiveStreaming/_definst_/livestream1/key.m3u8key?wowzasessionid=670450403
- wget the ts file sequence
$> wget http://10.10.10.47:1935/adaptiveStreaming/_definst_/livestream1/media_95.ts?wowzasessionid=670450403
- Hexdump the key, using
$> cat key.m3u8key?wowzasessionid=670450403 | hexdump -e '16/1 "%02X"'
238EF4477A3ADD32385C584EED6A4B8B
-
Using calc get the HEXADECIMAL Value of “MEDIA-SEQUENCE”, to get IV -> 95 = 5F
-
using openssl decrypt the file
openssl enc -aes-128-cbc -in media_95.ts?wowzasessionid=670450403 -out decr_tmp.ts -d -K 238EF4477A3ADD32385C584EED6A4B8B -iv 0000000000000000000000000000005f
- Now play the file “decr_tmp.ts” using “VLC media player” (which is a decrypted file from media_95.ts?wowzasessionid=670450403 using openssl)
Can anybody point me to the thread to make my key url from http to https?
Thanks