[vlc] Re: [OT?] Encrypted Video

Rémi Denis-Courmont rem at videolan.org
Mon Jan 9 18:34:31 CET 2006


Le Vendredi 6 Janvier 2006 06:39, Ow Mun Heng a écrit :
> > UDP streaming has some
> > limited support for TS encryption, AFAIK. Otherwise, there's the
> > option of HTTP/SSL with/without client authentication, but it is
> > rather complex to deploy.
>
> Are there any docs on it anyways? Might be able to just test it out.

For TS streams, one can use the CSA encryption scheme, although only 
with a static key, which is relatively weak, and difficult to deploy 
(see CSA advanced options for TS muxer and demuxer). The good news is 
that it should work flawlessly atop UDP.


As for HTTP/SSL, on the client, you will probably want to enable 
checking of the server credentials. For that you have to enable the 
tls-check-cert option from the GnuTLS plugin. VLC looks for Root x509 
CA within the ssl/certs/ subdir from the user's VLC configuration 
directory (e.g. ~/.vlc/ssl/certs/). Also, you can put any x509 private 
key in ssl/private/ - that should be used when the server requests SSL 
client authentication, but is very much untested.

On the server side, you have to specify an x509 certicate and private 
key with the --sout-http-cert and --sout-http-key options respectively, 
and use "https" instead of "http" to enable SSL-based stream output. 
The --sout-http-ca and --sout-http-crl allows specifying a CA for 
clients to authenticate against and a revocation list respectively.

That is to say, settings up HTTP/SSL is very complicated. Also, one has 
to keep in mind that TCP is usually very poor for streaming purposes.

-- 
Rémi Denis-Courmont
http://www.simphalempin.com/home/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/vlc/attachments/20060109/08e0825f/attachment.sig>


More information about the vlc mailing list