shaka-project / shaka-packager

A media packaging and development framework for VOD and Live DASH and HLS applications, supporting Common Encryption for Widevine and other DRM Systems.
https://shaka-project.github.io/shaka-packager/
Other
2k stars 510 forks source link

does parameter "iv" matters in raw key generate DRM resource? #1298

Closed woshiyizhizhu closed 6 months ago

woshiyizhizhu commented 1 year ago

System info

Operating System: Ubuntu 20.04.6 LTS (GNU/Linux 5.4.0-163-generic x86_64) Shaka Packager Version: packager-linux-x64 version v2.6.0-5181ea1-release

I am new about this, and I am using raw key to encrypt mp4 file and decrypt using key server, and they all work. My line to generate drm resource is as follows:

./packager-linux-x64 \ in=h264_baseline_360p_600.mp4,stream=video,output=h264_raw.mp4,drm_label=SD \ --enable_raw_key_encryption \ --keys label=SD:key_id=abba271e8bcf552bbd2e86a434a9a5d9:key=69eaa802a6763af979e8d1940fb88392:iv=22334455667788990011223344556677 \ --protection_systems Widevine\ --pssh 000000317073736800000000EDEF8BA979D64ACEA3C827DCD51D21ED00000011220F7465737420636F6E74656E74206964 \ --mpd_output 11_raw.mpd \

and when I changed value of iv, the encrypted video can still be decrypted by exoplayer, my point is the protection_scheme is 'cenc' by default, so it comes to AES-CTR method, and it should need iv to encrypt and decrypt, why I changed the value of iv and the video can still be decrypted? If I missing something or some other reasons. Really thank you if you could help me with that.

pozelli commented 7 months ago

The IV is important for ensuring the uniqueness of the cryptography. However, it doesn't need to be private. In fact, it's present both in the PSSH box and the manifest. So, even when you change the IV, the player can retrieve the new value from the manifest/initialization segment.

joeyparrish commented 7 months ago

@pozelli, thank you for answering! @woshiyizhizhu, does this answer your question?

github-actions[bot] commented 6 months ago

Closing due to inactivity. If this is still an issue for you or if you have further questions, the OP can ask shaka-bot to reopen it by including @shaka-bot reopen in a comment.