Support HLS identity key format #2146

ksuhiyp · 2019-09-16T14:48:23Z

I am getting 4026 err code for mp4 cenc encrypted

packager args

`in=${transcodedFilesMap.get('mp4_360p')},stream=audio,output=${audioPath},drm_label=AUDIO,playlist_name=audio.m3u8 \\
        in=${transcodedFilesMap.get('mp4_360p')},stream=video,output=${mp4_360p_protectedPath},drm_label=SD,playlist_name=mp4_360p.m3u8 \\
        in=${transcodedFilesMap.get('mp4_480p')},stream=video,output=${mp4_480p_protectedPath},drm_label=SD,playlist_name=mp4_480p.m3u8 \\
        in=${transcodedFilesMap.get('mp4_720p')},stream=video,output=${mp4_720p_protectedPath},drm_label=HD,playlist_name=mp4_720p.m3u8 \\
        --hls_base_url  https://s3-eu-west-1.amazonaws.com/dash-hls-adaptive/${lecture.id}/packagedFiles/ \\
    --clear_lead 0 \\
    --enable_raw_key_encryption \\
    --keys label=AUDIO:key_id=${ENV.AUDIO_KEY_ID}:key=${ENV.AUDIO_KEY},label=SD:key_id=${ENV.SD_KEY_ID}:key=${ENV.SD_KEY},label=HD:key_id=${ENV.HD_KEY_ID}:key=${ENV.HD_KEY} \\
    --protection_scheme cenc \\
   --hls_master_playlist_output ${manifestPath}`

Player DRM config:


this.player.configure({
      drm: {
        clearKeys: {
          // correct keys
          'abba271e8bcf552bbd2e86a434a9a5d9': '69eaa802a6763af979e8d1940fb88392',
          '6d76f25cb17f5e16b8eaef6bbf582d8e': 'cb541084c99731aef4fff74500c12ead',
          'f3c5e0361e6654b28f8049c778b23946': 'a4631a153a443df9eed0593043db7519'
          // wrong keys
          // 'wrongkeywrongkeywrongkey':'abcd1234abcd1234abcd1234',
        }
      }
    });

The text was updated successfully, but these errors were encountered:

ksuhiyp · 2019-09-16T14:51:42Z

TheModMaker · 2019-09-16T19:44:38Z

It looks like we don't support the clear-key format that Shaka Packager uses. It probably won't be too hard to add support for it. It has a tag format like this:

#EXT-X-KEY:METHOD=SAMPLE-AES-CTR,URI="data:text/plain;base64,bXbyXLF/Xha46u9rv1gtjg==",KEYFORMAT="identity"

ksuhiyp · 2019-09-16T21:38:10Z

Shall I add that tag to the manifest?, When I do I get 4016

TheModMaker · 2019-09-16T21:48:23Z

That tag is already in your manifest, we don't support it currently. We only support Widevine encryption in HLS.

ismena · 2019-09-16T22:42:38Z

@ksuhiyp
You're doing everything right, it's our fault that we don't have support for this.
@TheModMaker tagged the issue as an enhancement for us to work on.

ksuhiyp · 2019-09-17T11:43:07Z

@ismena thank you, I hope this feature added soon

ksuhiyp · 2020-05-03T22:04:40Z

@joeyparrish @kqyang @TheModMaker Ok, I knew it that I had to build a DRM server from the beginning, can I just generate a self license without using widevine or any other 3rdparty license authority? If yes where I can read more on the technichal design specs of such service, general instructions are appreciated

joeyparrish · 2020-05-04T21:41:36Z

@ksuhiyp, I don't understand your question about building a DRM server. For us to support the identity key format in HLS, that is not at all necessary.

If you want to decrypt content with Widevine, that requires a Widevine license server under some agreement with Widevine. https://www.widevine.com/contact

ksuhiyp · 2020-05-05T01:29:52Z

@joeyparrish I mean key server other than clear keys but not widevine licensed, something like a custom made key server to decrypt content

joeyparrish · 2020-05-05T03:22:24Z

Decryption happens in the client, not the server. Your limiting factor will be the DRM clients available in various browsers. Chrome and Firefox have Widevine & ClearKey clients. Edge and IE have PlayReady clients. Safari has a FairPlay client. The license protocol understood by each client is different.

The ClearKey system is public and documented in the EME spec: https://www.w3.org/TR/encrypted-media/#clear-key-request-format

But that won't help you with HLS identity key format support, for what it's worth.

joeyparrish · 2020-05-27T22:24:41Z

@sbbullet, this is the original issue for the "identity" key format.

If anyone on this issue is interested to contribute, we would be happy to review a PR for this feature! Thanks for your help!

sbbullet · 2020-05-28T15:12:08Z

Thank you @joeyparrish. I think only Apple's interest in supporting ClearKey would provide synergy to anyone who can contribute. Anyway, thank you for your response.

ksuhiyp · 2020-05-28T22:59:03Z

Dear @joeyparrish, can you highlight on how to start contributing for this feature like places to read in the docs and whether upstream support from apple is required

joeyparrish · 2020-05-28T23:09:40Z

I would have to double-check what Safari supports, but ClearKey support would be required in the browser. This content should be playable in both Chrome and Firefox, though, which both have ClearKey CDMs. I haven't checked, but I expect new Chromium-based Edge would support it, as well.

You can check this page in any browser to see what it supports: https://shaka-player-demo.appspot.com/support.html At the bottom, you would see something like this is ClearKey is supported:

    "org.w3.clearkey": {
      "persistentState": false
    },

And this if it's not:

    "org.w3.clearkey": null,

As for contributing, I would guess that the relevant source files are:

lib/hls/hls_parser.js
externs/shaka/manifest.js
possibly lib/media/drm_engine.js

The HLS parser needs to be able to parse the identity key format, which would be registered in shaka.hls.HlsParser.KEYFORMATS_TO_DRM_PARSERS_. This parser would have to return a shaka.extern.DrmInfo object, which is defined in externs/shaka/manifest.js. This would indicate ClearKey (org.w3.clearkey) as the key system. The structure would then be consumed by DrmEngine.

DrmEngine already has a private method for creating a ClearKey DrmInfo based on a config. You could make it public and generalize it to take input from the HLS parser, too. It works by turning key IDs and keys into a data: URI for the license server, which effectively lets the player inject keys directly in ClearKey license format without an external server. See configureClearKey_ in lib/media/drm_engine.js.

Use ./build/all.py and ./build/test.py to check your work before submitting a PR, and please let us know if you have other questions or need more guidance. The Closure Compiler can be a pain sometimes, but it's based on jsdoc syntax, which isn't too bad, and it really does help catch a lot of mistakes at compile time.

Thanks so much!

ksuhiyp · 2020-07-16T19:15:55Z

Dear @joeyparrish, on macbook safari org.w3.clearkey: null, does that mean I should not be involved in a contribution to solve this issue since it is an upstream issue. If not, I am a little bit hazed about the process of solving this issue, is there a similar approach in dash parser that can be followed to be implemented in hls parser? can you give me 30 minutes call to set me in the context of the operation?

ksuhiyp · 2020-07-16T20:04:31Z

@joeyparrish

You could make it public and generalize it to take input from the HLS parser, too. It works by turning key IDs and keys into a data: URI for the license server

can you please give more explanation, what do you mean by generalizing it to take input from HLS ?. till the moment I am imposing that I have to create a method in hls_parser.js that functions like widevineDrmParser_ in hls_parser.js. then head to drm_engine.js to modify configureClearKey_ to take input from hls_parser, but I am not sure what hls_parser requires here to modify?

joeyparrish · 2022-08-29T18:08:02Z

The "identity" key format is implicitly supported on AES-128 full-segment encryption, but support is still missing for SAMPLE-AES.

joeyparrish · 2022-08-29T18:59:09Z

Looking into adding support for METHOD=SAMPLE-AES, KEYFORMAT=identity through ClearKey, and it doesn't look like a good match. The ClearKey CDM requires a map of key IDs to keys, but HLS playlists don't provide the key ID.

It is possible that we will only be able to parse the tag and allow it through, but won't be able to automatically fetch the key and configure ClearKey for you. In this case, you would have to use this.player.configure('drm.clearKeys': { ... }) to provide the key ID to key mapping for SAMPLE-AES content to use the identity key format.

This feature is not entirely automatic. The ClearKey CDM requires a key-id to key mapping. HLS doesn't provide a key ID anywhere. So although we could use the 'URI' attribute to fetch the actual 16-byte key, without a key ID, we can't provide this automatically to the ClearKey CDM. Instead, the application will have to use `player.configure('drm.clearKeys', { ... })` to provide the key IDs and keys or `player.configure('drm.servers.org\.w3\.clearkey', ...)` to provide a ClearKey license server URI. Closes shaka-project#2146

This feature is not entirely automatic. The ClearKey CDM requires a key-id to key mapping. HLS doesn't provide a key ID anywhere. So although we could use the 'URI' attribute to fetch the actual 16-byte key, without a key ID, we can't provide this automatically to the ClearKey CDM. Instead, the application will have to use `player.configure('drm.clearKeys', { ... })` to provide the key IDs and keys or `player.configure('drm.servers.org\.w3\.clearkey', ...)` to provide a ClearKey license server URI. Closes #2146

…t#4451) This feature is not entirely automatic. The ClearKey CDM requires a key-id to key mapping. HLS doesn't provide a key ID anywhere. So although we could use the 'URI' attribute to fetch the actual 16-byte key, without a key ID, we can't provide this automatically to the ClearKey CDM. Instead, the application will have to use `player.configure('drm.clearKeys', { ... })` to provide the key IDs and keys or `player.configure('drm.servers.org\.w3\.clearkey', ...)` to provide a ClearKey license server URI. Closes shaka-project#2146

ksuhiyp added the type: question A question from the community label Sep 16, 2019

TheModMaker added type: enhancement New feature or request component: HLS The issue involves Apple's HLS manifest format and removed type: question A question from the community labels Sep 16, 2019

TheModMaker added this to the Backlog milestone Sep 16, 2019

joeyparrish modified the milestones: Backlog, Backlog 2 Jan 28, 2020

joeyparrish changed the title ~~HLS RAW key encryption 4026 err~~ Support HLS identity key format May 1, 2020

joeyparrish mentioned this issue May 1, 2020

Common System protection not working for m3u8 playlists shaka-project/shaka-packager#760

Closed

TheModMaker mentioned this issue May 26, 2020

HLS ClearKey implementation not working. #2588

Closed

joeyparrish added the flag: seeking PR We are actively seeking PRs for this; we do not currently expect the core team will resolve this label May 27, 2020

barbibulle mentioned this issue Aug 15, 2020

I ask for help with doubt about DASH + HLS with DRM axiomatic-systems/Bento4#470

Open

michellezhuogg added gsoc and removed flag: seeking PR We are actively seeking PRs for this; we do not currently expect the core team will resolve this labels Mar 24, 2021

joeyparrish added this to To do in HLS Improvements Sep 13, 2021

joeyparrish removed the gsoc label Sep 27, 2021

theodab added the priority: P3 Useful but not urgent label Sep 30, 2021

joeyparrish moved this from To do to In progress in HLS Improvements Aug 18, 2022

joeyparrish assigned theodab and unassigned theodab Aug 18, 2022

joeyparrish moved this from In progress to To do in HLS Improvements Aug 18, 2022

joeyparrish self-assigned this Aug 29, 2022

joeyparrish moved this from To do to In progress in HLS Improvements Aug 29, 2022

joeyparrish mentioned this issue Aug 29, 2022

feat: Add limited support for HLS "identity" key format #4451

Merged

joeyparrish closed this as completed in #4451 Aug 30, 2022

github-actions bot mentioned this issue Aug 30, 2022

chore(main): release 4.3.0 #4424

Merged

avelad modified the milestones: Backlog, v4.3 Aug 30, 2022

avelad moved this from In progress to Done in HLS Improvements Aug 30, 2022

github-actions bot added the status: archived Archived and locked; will not be updated label Oct 29, 2022

github-actions bot locked as resolved and limited conversation to collaborators Oct 29, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support HLS identity key format #2146

Support HLS identity key format #2146

ksuhiyp commented Sep 16, 2019

ksuhiyp commented Sep 16, 2019

TheModMaker commented Sep 16, 2019

ksuhiyp commented Sep 16, 2019 •

edited

TheModMaker commented Sep 16, 2019

ismena commented Sep 16, 2019

ksuhiyp commented Sep 17, 2019

ksuhiyp commented May 3, 2020 •

edited

joeyparrish commented May 4, 2020

ksuhiyp commented May 5, 2020

joeyparrish commented May 5, 2020

joeyparrish commented May 27, 2020

sbbullet commented May 28, 2020

ksuhiyp commented May 28, 2020

joeyparrish commented May 28, 2020

ksuhiyp commented Jul 16, 2020

ksuhiyp commented Jul 16, 2020 •

edited

joeyparrish commented Aug 29, 2022

joeyparrish commented Aug 29, 2022

Support HLS identity key format #2146

Support HLS identity key format #2146

Comments

ksuhiyp commented Sep 16, 2019

ksuhiyp commented Sep 16, 2019

TheModMaker commented Sep 16, 2019

ksuhiyp commented Sep 16, 2019 • edited

TheModMaker commented Sep 16, 2019

ismena commented Sep 16, 2019

ksuhiyp commented Sep 17, 2019

ksuhiyp commented May 3, 2020 • edited

joeyparrish commented May 4, 2020

ksuhiyp commented May 5, 2020

joeyparrish commented May 5, 2020

joeyparrish commented May 27, 2020

sbbullet commented May 28, 2020

ksuhiyp commented May 28, 2020

joeyparrish commented May 28, 2020

ksuhiyp commented Jul 16, 2020

ksuhiyp commented Jul 16, 2020 • edited

joeyparrish commented Aug 29, 2022

joeyparrish commented Aug 29, 2022

ksuhiyp commented Sep 16, 2019 •

edited

ksuhiyp commented May 3, 2020 •

edited

ksuhiyp commented Jul 16, 2020 •

edited