1 | # Encrypted HTTP Live Streaming
|
2 | The [HLS spec](http://tools.ietf.org/html/draft-pantos-http-live-streaming-13#section-6.2.3) requires segments to be encrypted with AES-128 in CBC mode with PKCS7 padding. You can encrypt data to that specification with a combination of [OpenSSL](https://www.openssl.org/) and the [pkcs7 utility](https://github.com/brightcove/pkcs7). From the command-line:
|
3 |
|
4 | ```sh
|
5 | # encrypt the text "hello" into a file
|
6 | # since this is for testing, skip the key salting so the output is stable
|
7 | # using -nosalt outside of testing is a terrible idea!
|
8 | echo -n "hello" | pkcs7 | \
|
9 | openssl enc -aes-128-cbc -nopad -nosalt -K $KEY -iv $IV > hello.encrypted
|
10 |
|
11 | # xxd is a handy way of translating binary into a format easily consumed by
|
12 | # javascript
|
13 | xxd -i hello.encrypted
|
14 | ```
|
15 |
|
16 | Later, you can decrypt it:
|
17 |
|
18 | ```sh
|
19 | openssl enc -d -nopad -aes-128-cbc -K $KEY -iv $IV
|
20 | ```
|