Enabling DRM Encryption for HLS bitrate file using static key(AES-128) in AWS MediaConvert
Encryption is important in today's era of booming online streaming video streaming services. In this article, we will see how to apply DRM encryption when we convert videos to HLS using AWS Elemental Mediaconvert.
- Refer to this article to create the desired HLS output using MediaConvert.
- In the above article after step 4, you need to perform the following steps for enabling encryption
- You must be in Apple HLS group settings to enable this. Toggle the DRM encryption to ON. Remember it is a ‘Pro’ feature means will incur some charges.
- Encryption method > AES 128.
- In Key Provider type > Static Key
- Initialization vector in manifest > Include
- You can keep Constant initialization vector empty
- In static key value enter a random hex-encoded 16-byte string e.g. 20526b964b2262b0d38ee6731d3e3b2d
- In URL you have to paste the location of the license key server where our key will be verified and will give approval of playing the media file.Now one easy step to give this server location is to if that location is the s3 bucket itself in your account.
So how to set up this key server thing. So copy the above 16 byte static key(STEP 8) in any editor and save it as a binary file(which should have .key as extension). You can use the following command for converting text file to the binary file:
$xxd -r -p keyaes.txt > keyaes.key (here the file name is keyaes which was converted to a binary format from text)
10. Now upload this .key file to the s3 bucket and make it publicly accessible(You can set the accessibility restrictions according to your requirement. Here for the demo we are keeping this file public). Use this uploaded key’s bucket URL in the URL STEP 9( keep in mind you need to use the virtual-hosted–style URL e.g. https://bucket-name
.s3.Region
.amazonaws.com/key name
)
11. You are done with the encryption steps. Now to configure everything else to get the final output please refer to the article mentioned in step 1.