Test AES encryptions for HLS streams with the Wowza Video REST API
The Wowza Video™ service allows you to apply AES-128 encryption to HLS streams. This article describes how to test AES encryption by playing a media segment (.ts) file from an encrypted stream in VLC media player. If AES encryption is working correctly, VLC won't be able to play the media segment.
Before you start
You should complete the following tasks:
-
Create a
live stream
or a
transcoder
. You'll need the
resulting
live_stream_idortranscoder_idto schedule a broadcast. View our connect a source topics to learn how to create a live stream or transcoder for RTMP, RTSP, IP camera, SRT encoder, UDP encoder, WebRTC, and Wowza Streaming Engine. - Configure AES-encryption. See Secure HLS streams with AES-128 external encryption using the Wowza Video REST API to learn more.
You should choose between the following two workflows:
-
Decide between the
live stream
or
transcoder
workflow.
See Decide between a live stream or transcoder workflow for more information about these workflows.
Live stream workflow
Live stream workflow
1. Fetch the playback URL
Fetch the HLS playback URL to test the encrypted stream by sending a
GET request to the
/live_streams/[live_stream_id]
endpoint.
You can use the following sample request, making sure to:
-
Set
live_stream_idto theidfor the live stream.
Sample request
curl
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${WV_JWT}" \
-X "GET" \
"${WV_HOST}/api/${WV_VERSION}/live_streams/[live_stream_id]"Sample response
The response includes:
-
An
hls_playback_urlyou'll use to test a media segment file from an encrypted stream in step 3.
{
"live_stream": {
"id": "abcntjvl",
"name": "MyLiveStream",
"transcoder_type": "transcoded",
"billing_mode": "pay_as_you_go",
"broadcast_location": "us_west_california",
"recording": false,
"closed_caption_type": "none",
"low_latency": false,
"encoder": "other_rtmp",
"delivery_method": "push",
"target_delivery_protocol": "hls-https",
...
"player": {
"id": "ly4rnpyt",
"type": "wowza_player",
"responsive": true,
"countdown": false,
"embed_code": "in_progress",
"hls_playback_url": "https://[wowzasubdomain].wowza.com/1/abcdTnJwZEpwXYZa/aBcDeGd1/hls/live/playlist.m3u8",
...
}
}
} 2. Start the live stream
- Start your video source.
-
Start your live stream.
curl -X PUT \ -H "Authorization: Bearer ${WV_JWT}" \ "${WV_HOST}/api/${WV_VERSION}/live_streams/[live_stream_id]/start" -
Check the state to make sure the live stream started.
curl -X GET \ -H "Authorization: Bearer ${WV_JWT}" \ "${WV_HOST}/api/${WV_VERSION}/live_streams/[live_stream_id]/state"
3. Test a media segment file from the encrypted stream
-
View the playlist file using the
hls_playback_urlfrom step 1.Sample request
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/playlist.m3u8Sample response
#EXTM3U #EXT-X-VERSION:3 #EXT-X-KEY:METHOD=AES-128,URI="mykey" #EXT-X-STREAM-INF:BANDWIDTH=2761081,CODECS="avc1.100.31,mp4a.40.2",RESOLUTION=1280x720 ../pldjp4q7/2728/chunklist.m3u8 #EXT-X-STREAM-INF:BANDWIDTH=1900046,CODECS="avc1.77.40,mp4a.40.2",RESOLUTION=854x480 ../pldjp4q7/1728/chunklist.m3u8 #EXT-X-STREAM-INF:BANDWIDTH=1348954,CODECS="avc1.77.32,mp4a.40.2",RESOLUTION=640x360 ../pldjp4q7/1152/chunklist.m3u8 -
Copy the file path for one of the chunklists and append it to the
playback URL.
Sample request
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/chunklist.m3u8Sample response
#EXTM3U #EXT-X-VERSION:3 #EXT-X-TARGETDURATION:11 #EXT-X-MEDIA-SEQUENCE:1 #EXT-X-KEY:METHOD=AES-128,URI="mykey #EXT-X-PROGRAM-DATE-TIME:2020-03-05T17:13:06.546Z #EXTINF:10.166, 0001lx7l/media_1.ts #EXTINF:10.133, 0001lx7l/media_2.ts #EXTINF:10.133, 0001lx7l/media_3.ts #EXTINF:10.2, -
Copy the file path for one of the media segments and append it the
chunklist path. Use the
--outputflag to download the file to your computer.curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/0001lx7l/media_2.ts --output media_2.ts - Open the media segment file in VLC media player. If the file is encrypted correctly, VLC won't be able to play it.
Transcoder workflow
Transcoder workflow
1. Fetch the playback URL
Fetch the HLS stream target associated with the transcoder to get the
HLS playback URL by sending a
GET request to the
/fastly/[stream_target_id]
endpoint.
You can use the following sample request, making sure to:
-
Set
stream_target_idto thestream_target_idfrom theoutput_stream_targetresponse.
Sample request
curl -X GET \
-H "Authorization: Bearer ${WV_JWT}" \
"${WV_HOST}/api/${WV_VERSION}/stream_targets/fastly/[stream_target_id]"Sample response
The response includes:
-
An HLS playback
urlinplayback_urlsyou'll use to test a media segment file from an encrypted stream in step 3.
{
"stream_target_fastly": {
"id": "abc45lfyz",
"name": "My Wowza CDN on Fastly Stream Target",
"state": "activated",
"stream_name": "9a00105a",
"playback_urls": {
"hls": [
{
"name": "default",
"url": "https://[wowzasubdomain].wowza.com/1/TWhoL3BiZnJXMFhmNzZVN3JrZDAwUT09/ZmYxSXRrTERrUlk9/hls/live/playlist.m3u8"
}
]
},
"token_auth_enabled": false,
"token_auth_playlist_only": false,
"geoblock_enabled": true,
"geoblock_by_location": "allow",
"geoblock_country_codes": "DE, US",
"geoblock_ip_override": "deny",
"geblock_ip_addresses": "77.12.34.567, 78.23.45.678",
"force_ssl_playback": false,
"created_at": "2020-03-02T20:38:31.560Z",
"updated_at": "2020-03-05T11:41:38.560Z"
}
} 2. Start the transcoder
- Start your video source.
-
Start the transcoder.
Sample request
curl -X PUT \ -H "Authorization: Bearer ${WV_JWT}" \ "${WV_HOST}/api/${WV_VERSION}/transcoders/[transcoder_id]/start" -
Fetch the state of the transcoder to confirm that it’s started.
Sample request
curl -X GET \ -H "Authorization: Bearer ${WV_JWT}" \ "https://api.video.wowza.com/api/[version]/transcoders/[transcoder_id]/state"
3. Test a media segment file from the encrypted stream
-
View the playlist file using the
hls_playback_urlfrom step 1.Sample request
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/playlist.m3u8Sample response
#EXTM3U #EXT-X-VERSION:3 #EXT-X-KEY:METHOD=AES-128,URI="mykey" #EXT-X-STREAM-INF:BANDWIDTH=2761081,CODECS="avc1.100.31,mp4a.40.2",RESOLUTION=1280x720 ../pldjp4q7/2728/chunklist.m3u8 #EXT-X-STREAM-INF:BANDWIDTH=1900046,CODECS="avc1.77.40,mp4a.40.2",RESOLUTION=854x480 ../pldjp4q7/1728/chunklist.m3u8 #EXT-X-STREAM-INF:BANDWIDTH=1348954,CODECS="avc1.77.32,mp4a.40.2",RESOLUTION=640x360 ../pldjp4q7/1152/chunklist.m3u8 -
Copy the file path for one of the chunklists and append it to the
playback URL.
Sample request
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/chunklist.m3u8Sample response
#EXTM3U #EXT-X-VERSION:3 #EXT-X-TARGETDURATION:11 #EXT-X-MEDIA-SEQUENCE:1 #EXT-X-KEY:METHOD=AES-128,URI="mykey #EXT-X-PROGRAM-DATE-TIME:2020-03-05T17:13:06.546Z #EXTINF:10.166, 0001lx7l/media_1.ts #EXTINF:10.133, 0001lx7l/media_2.ts #EXTINF:10.133, 0001lx7l/media_3.ts #EXTINF:10.2, -
Copy the file path for one of the media segments and append it the
chunklist path. Use the
--outputflag to download the file to your computer.curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/0001lx7l/media_2.ts --output media_2.ts - Open the media segment file in VLC media player. If the file is encrypted correctly, VLC won't be able to play it.