From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 775D943C26 for ; Wed, 21 Dec 2022 16:01:13 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4D16768B87F; Wed, 21 Dec 2022 18:01:10 +0200 (EET) Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C7667680581 for ; Wed, 21 Dec 2022 18:01:03 +0200 (EET) Received: by mail-ed1-f54.google.com with SMTP id e13so22603011edj.7 for ; Wed, 21 Dec 2022 08:01:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=zX/1KfUZy8H5dcQBPAIdkc6e8p2zljxiswSYZwsMGQk=; b=bwDWggkRRl5WIQLVWhi3ETIYB/s5yAfAn+i5Q681k30FMSpHjbOQPDlO3FgpWX/5qr oXu5k+I3hwFKVmZS4BXK36P9Dr0QBY97reTi8NzsF2vys54A7XSGaTiOK+G4shrjEu3D dgZh6nTIOUWpYp+S73LYGgOUtaNGiZoA5HwNtkXYwO6tmyRsD+p6JOLzgZjvDEUrO+Fn FaUJeQSdOpf8XWDZiZaRtBiFh0x9zEyHAX4LDl9FMP4AfvJYL0qYl3imwpphkioB6qZ8 PL35Bh9wXvuHa8H4hCJ/96K9r9UDIOtEyRzZNDi4mGb8z0GzEG+n4nSIEGTcdoLPinIn 6XFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=zX/1KfUZy8H5dcQBPAIdkc6e8p2zljxiswSYZwsMGQk=; b=s+kdvSVYsqB1dDZ7WmEQr+VTR4bzjMddOcLZQFHvwuWG2YF+3CGxs2kp7A1GayIJCN bRyYc44eiJD2YOlgEXhtYL2DoNKsHJYoxvSizr+lFSQGu1JBucq+msDBbhwNCKpN0iVE qiFsGBZRgL+mau801vZjZKktbdOwA/EOm/tp1q41IoIumr5RtAJmxXQug9CQvWVBhgL3 W9J0ClcN2orDRq1SmNdWAIRDNeBy7dNKlDlrXdqFA52XtRJWDglogZCaR5pNjhabE3HW gVGfyo/v7Dl271nB/7SqDqXKBmTr7+3Ars2mb/y8vj8G9jdAtaYxkeflJN4LWsvdqncg 3rBg== X-Gm-Message-State: AFqh2kp287jm66YIW5LtNF2CpimDdQRNvBZc+XaqyhUUAsyW8+jPvjRp r9kT2NJJWZjv1bUe/ScD/8hrIPXqYzJtaN0rBlkEzGBj6KA= X-Google-Smtp-Source: AMrXdXsZYdN597omUYdH9VSyFlp5jISe38zPx5bx9irxVjR+g7c5b+mSRotnPqkaHyhEHvWBahPhCa0n6cObreSx0Tk= X-Received: by 2002:aa7:c151:0:b0:46b:fb4:6b6f with SMTP id r17-20020aa7c151000000b0046b0fb46b6fmr162774edp.237.1671638462739; Wed, 21 Dec 2022 08:01:02 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Mark Gaiser Date: Wed, 21 Dec 2022 17:00:51 +0100 Message-ID: To: FFmpeg development discussions and patches X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [FFmpeg-devel] Would a crypto file be acceptable? X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On Wed, Dec 21, 2022 at 4:44 PM Mark Gaiser wrote: > Hi, > > The ffmpeg crypto protocol handler [1] allows one to play encrypted media. > > The great thing here is that it allows playback of any media format that > ffmpeg supports! > Have a container format like mkv as an encrypted blob, no problem for the > crypto plugin! > > I'm explicitly mentioning mkv (though there's many more) here because that > isn't possible in HLS/MPD. While those streaming formats handle encryption > too, they are very limited in terms of supported codecs and containers. > > Playback of encrypted data works like this: > ffplay encrypted_file -decryption_key $AES_KEY -decryption_iv $AES_IV > To amend, a more accurate example of how it currently works is this: ffplay crypto://encrypted_file -decryption_key $AES_KEY -decryption_iv $AES_IV > While this works just fine, it's limited in use because the cryptography > details have to be passed on the command line. Applications that might well > support much of ffmpeg functionality can't easily hook into the crypto > functionality. Take KODI for example, it allows playback of many of the > formats ffmpeg supports but anything with crypto just isn't possible. In > fact, anything that requires custom command line arguments isn't possible. > [2] > > My idea is to make a new file format that would be implemented and specced > within [1]. My proposed format would be: > > --- > CRYPTO-VERSION:1 > CRYPTO-KEY:URI:..... > CRYPTO-IV:URI:..... > encrypted_file > --- > > The URI would be a format type identifier where you can choose between URI > (to pass a URL to a key blob), BASE64URL (key encoded as base64url) or HEX. > > The above proposed format should be stored in a file with ".crypto" as > extension. The crypto plugin [1] would then handle that file. The arguments > would be filled based on the "properties" in the file. So for example the > `decryption_key` argument would be populated with the blob returned from > CRYPTO-KEY:URI:. Or with one of the other types. > > The "encrypted_file" would just be passed through ffmpeg's > "ffurl_open_whitelist" like the crypto plugin currently does. Meaning that > the file could be anything ffmpeg supports. > > Playing encrypted media would be as simple as: > ffplay file.crypto > To amend this too. The result should be no need to provide "crypto://". The ffmpeg file format detection should detect that ".crypto" should be handled by the crypto plugin. > > With this mail I'm looking for a confirmation if the above concept would > be allowed as a patch for ffmpeg? And if not, how can I achieve the same > results in a way that would be acceptable? [3] > > Best regards, > Mark Gaiser > > [1] https://github.com/FFmpeg/FFmpeg/blob/master/libavformat/crypto.c > [2] there are plugins to make it possible but then you have the extra > requirement of a plugin > []3 No, not HLS/MPD! They serve a different purpose. Extending them to > serve my purpose is a lost goal to begin with so let's not even go there. > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".