I know almost nothing about cryptography, but I would like to figure out how to encrypt
an HTTP live stream and decrypt it on an iPhone.
The Apple docs for HTTP encryption read as follows:

Media files containing stream segments may be individually encrypted.
When encryption is employed, references to the corresponding key files
appear in the index file so that the client can retrieve the keys for
decryption.

When a key file is listed in the index file, the key file contains a
cipher key that must be used to decrypt subsequent media files listed
in the index file. Currently HTTP Live Streaming supports AES-128
encryption using 16-octet keys. The format of the key file is a packed
array of these 16 octets in binary format.

The media stream segmenter available from Apple provides encryption
and supports three modes for configuring encryption.

The first mode allows you to specify a path to an existing key file on
disk. In this mode the segmenter inserts the URL of the existing key
file in the index file. It encrypts all media files using this key.

The second mode instructs the segmenter to generate a random key file,
save it in a specified location, and reference it in the index file.
All media files are encrypted using this randomly generated key.

The third mode instructs the segmenter to generate a random key file,
save it in a specified location, reference it in the index file, and
then regenerate and reference a new key file every n files. This mode
is referred to as key rotation. Each group of n files is encrypted
using a different key.

You can serve key files using either HTTP or HTTPS. You may also
choose to protect the delivery of the key files using your own
session-based authentication scheme.

Using encryption method 1, this is what I think I need to do:
- generate a key, using a cipher, and make key available to segmenter
- segmenter inserts URL of key into index file
- store this cipher in iPhone (keychain?)
- point movie player to URL of m3u8 playlist which references this index file
- enter the cipher somehow to automatically decrypt stream?
Can anyone help lift the fog here?
This pretty much nails how to handle encrypted streaming:
http://developer.apple.com/iphone/library/qa/qa2009/qa1661.html
Also, the app should connect to the https domain before running the movie,
so that it can pass its credentials, and these credentials can be cached for
MPMoviePlayer.
The player supports digest authentication, but not SSL client authentication using
client certificates.
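
The key handling described in the quoted Apple documentation can be checked on the server side before a stream goes live. The following is an added example, not code from the original posts or from Apple: it builds a 16-octet key file, resolves which key applies to each segment of an index file (including key rotation), and flags segments whose key would be fetched without TLS. The `EXT-X-KEY` tag and its `METHOD`/`URI` attributes come from the HLS playlist format; the host names, file names and function names are constructed for illustration.

```python
import re
import secrets
from urllib.parse import urljoin, urlparse

# Constructed sample index file (not from the post): the key rotates after two segments.
SAMPLE_INDEX = """\
#EXTM3U
#EXT-X-KEY:METHOD=AES-128,URI="https://keys.example.com/k0.key"
#EXTINF:10,
seg0.ts
#EXTINF:10,
seg1.ts
#EXT-X-KEY:METHOD=AES-128,URI="http://keys.example.com/k1.key"
#EXTINF:10,
seg2.ts
"""
ATTR = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')

def new_key_file() -> bytes:
    """Key file body: 16 random octets, raw binary (no hex text, no newline)."""
    return secrets.token_bytes(16)

def is_valid_key_file(data: bytes) -> bool:
    return len(data) == 16

def map_keys(index_text: str, base_url: str):
    """Return [(segment_url, key_url or None)]. A key applies to every segment
    listed after it, until the next EXT-X-KEY tag replaces it."""
    key_url, out = None, []
    for line in (l.strip() for l in index_text.splitlines()):
        if line.startswith("#EXT-X-KEY:"):
            attrs = {k: v.strip('"') for k, v in ATTR.findall(line.split(":", 1)[1])}
            if attrs.get("METHOD") == "AES-128" and "URI" in attrs:
                key_url = urljoin(base_url, attrs["URI"])
            else:
                key_url = None  # e.g. METHOD=NONE: following segments are in the clear
        elif line and not line.startswith("#"):
            out.append((urljoin(base_url, line), key_url))
    return out

def audit(index_text: str, base_url: str):
    """Flag segments that are unencrypted or whose key travels over plain HTTP."""
    findings = []
    for seg, key in map_keys(index_text, base_url):
        if key is None:
            findings.append((seg, "no key: segment is not encrypted"))
        elif urlparse(key).scheme != "https":
            findings.append((seg, "key served without TLS: " + key))
    return findings
```

Anyone who can fetch or observe the key file can decrypt the segments it covers, so the key URL is the part that needs HTTPS and authentication; the segments themselves can sit on an ordinary HTTP server or CDN.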