What is AES-128?
AES-128 (Advanced Encryption Standard) is a block encryption algorithm based on several substitutions and permutations of data in blocks of 16 bytes, the key length of this encryption type is 128 bits.
Encryption is suitable when you need to allow certain viewers access to content, for example, to content by subscription which is available only for those who paid for it.
AES-128 is used as an encryption standard for high-security systems, so it is difficult to intercept and decrypt keys.
How AES-128 works with VOD
We deliver the video via HLS protocol. The video is divided into playlists consisting of fragments (chunks).
Video fragments are transmitted in encrypted form, using the AES-128 algorithm. The video decryption key for viewers is transmitted in a separate request.
The process of getting the decryption key:
- The request to view the video is sent to your server.
- It is analyzed for the presence of cookies and other session parameters.
- If the request does not contain certain parameters, access to the video is forbidden.
- If the request contains certain parameters, the server sends a GET request to the G-Core Labs API to get the key.
- The G-Core Labs API provides the key to the server.
- The server sends the key to the viewer, access to the video is provided.
Settings on the Streaming platform
To enable the ability to send video using AES-128 encryption, contact technical support by email firstname.lastname@example.org or in the chat.
After the encryption is enabled, the _s_ characters will be added to the M3U8 video URL:
Please note! After the encryption is enabled, the request to view the video and receive the decryption key is sent to the Streaming servers.
There are no settings on the Streaming servers that allow us to understand on what principle to allow or prohibit access to a video to a specific viewer, access will be provided to all viewers.
To avoid this, configure your server according to the instructions below.
Settings on your server
To redirect and process requests on the decryption key, configure the server.
1. Create an API that will receive a request on the decryption key.
If you need help with server API creation, please, write to us at email@example.com or in the chat.
2. Create a domain to which the viewer will be redirected to verify and receive the key.
The domain should be inserted into the link after the _s_ characters as follows:
3. In case of successful request validation, the server should send a GET request to the G-Core Labs API to get the decryption key:
4. After the key is received, the server should pass it to the viewer in the unchanged format.
Example of a key:
To pass the key in this format, these headers may be useful:
- content-transfer-encoding: binary
- content-type: application/octet-stream