search

bluenviron / mediamtx

Ready-to-use SRT / WebRTC / RTSP / RTMP / LL-HLS media server and media proxy that allows to read, publish, proxy, record and playback video and audio streams.
MIT License
12.42k stars 1.54k forks source link

[Feature Request] Add support for DRM (Apple FairPlay and Google Widevine) #2976

Open JustJoostNL opened 9 months ago

JustJoostNL commented 9 months ago

Describe the feature

Add support for adding DRM, such as Apple FairPlay, and Google Widevine. This way streams can be secured better.

aler9 commented 7 months ago

i was taking a look at the Apple FairPlay overview, the process is extremely similar to JWT-based authentication (which the server supports).

The main difference is that much of the computational effort is moved on the client side. In JWT-based authentication, the client requests a JWT from an identity server, then it attaches this JWT to each request to MediaMTX, then MediaMTX validates this JWT and checks its expiration date. If the JWT is not expired, then chunks of the stream are sent back.

In FairPlay encryption, chunks of the stream are always available, but encrypted. A client has to contact a key server in order to download keys, which may have an expiration date, and then it can decode the stream.

Another FairPlay advantage is that it is supported natively on iOS, while in JWT-based authentication you have to write a logic somewhere that periodically requests a new JWT from an identity server.

This might be a future enhancement, but for the moment, if you want to restrict a reader from viewing the stream after a certain period of time, use JWTs.