Closed shalom-aviv closed 2 years ago
I'm a little confused. The whole point of insertable streams is that the server does not know the encryption keys, so that you get end-to-end authentication. Almost all of the support should happen on the client side:
As far as I can see, the only change necessary on the server side should be to ensure that the Keyframe
function in codec.go
returns (false, false)
in the case of an end-to-end encrypted stream. You should also ensure that saving an end-to-end encrypted stream fails cleanly.
@jech Thanks for answer!
Clients and server will receive their keys via other channels from outside of Galene. The idea is to add additional encryption with own proprietary algorithm between the server and clients. The server is trusted and it can have access to the decrypted stream.
Ah, I see.
Packet reception happens here: https://github.com/jech/galene/blob/master/rtpconn/rtpreader.go#L61 Packet emission happens here: https://github.com/jech/galene/blob/master/rtpconn/rtpconn.go#L224
Note that (*rtpDownTrack) Write
may be called from multiple threads simultaneously, so make sure that you do proper locking if you add state.
@jech Thank you!
Hi
Is it possible to add additional secure level (encrypt/decrypt with own algorithm params)?
[client 1] <-crypted with pwd1-> [Galene] <-crypted with pwd2-> [client 2]
For MVP to test idea I want implement next steps:
Is it possible at all? May be you can route me in galene code base and give some instructions? ;)
Thank you!