[vlc] Re: [OT?] Encrypted Video
Rémi Denis-Courmont
rem at videolan.org
Mon Jan 9 18:34:31 CET 2006
Le Vendredi 6 Janvier 2006 06:39, Ow Mun Heng a écrit :
> > UDP streaming has some
> > limited support for TS encryption, AFAIK. Otherwise, there's the
> > option of HTTP/SSL with/without client authentication, but it is
> > rather complex to deploy.
>
> Are there any docs on it anyways? Might be able to just test it out.
For TS streams, one can use the CSA encryption scheme, although only
with a static key, which is relatively weak, and difficult to deploy
(see CSA advanced options for TS muxer and demuxer). The good news is
that it should work flawlessly atop UDP.
As for HTTP/SSL, on the client, you will probably want to enable
checking of the server credentials. For that you have to enable the
tls-check-cert option from the GnuTLS plugin. VLC looks for Root x509
CA within the ssl/certs/ subdir from the user's VLC configuration
directory (e.g. ~/.vlc/ssl/certs/). Also, you can put any x509 private
key in ssl/private/ - that should be used when the server requests SSL
client authentication, but is very much untested.
On the server side, you have to specify an x509 certicate and private
key with the --sout-http-cert and --sout-http-key options respectively,
and use "https" instead of "http" to enable SSL-based stream output.
The --sout-http-ca and --sout-http-crl allows specifying a CA for
clients to authenticate against and a revocation list respectively.
That is to say, settings up HTTP/SSL is very complicated. Also, one has
to keep in mind that TCP is usually very poor for streaming purposes.
--
Rémi Denis-Courmont
http://www.simphalempin.com/home/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/vlc/attachments/20060109/08e0825f/attachment.sig>
More information about the vlc
mailing list