[FFmpeg-devel] Would a crypto file be acceptable?
Hendrik Leppkes
h.leppkes at gmail.com
Thu Dec 22 19:50:16 EET 2022
On Thu, Dec 22, 2022 at 4:53 PM Mark Gaiser <markg85 at gmail.com> wrote:
>
> On Thu, Dec 22, 2022 at 11:40 AM Nicolas George <george at nsup.org> wrote:
>
> > Mark Gaiser (12022-12-21):
> > > While this works just fine, it's limited in use because the cryptography
> > > details have to be passed on the command line. Applications that might
> > well
> > > support much of ffmpeg functionality can't easily hook into the crypto
> > > functionality. Take KODI for example, it allows playback of many of the
> > > formats ffmpeg supports but anything with crypto just isn't possible. In
> > > fact, anything that requires custom command line arguments isn't
> > possible.
> > > [2]
> > >
> > > My idea is to make a new file format that would be implemented and
> > specced
> > > within [1]. My proposed format would be:
> > >
> > > ---
> > > CRYPTO-VERSION:1
> > > CRYPTO-KEY:URI:.....
> > > CRYPTO-IV:URI:.....
> > > encrypted_file
> > > ---
> >
> > The concat demuxer can already contain options, and despite is name it
> > can be used with a single file.
> >
>
> Could you elaborate on how to use that:?
>
> The end result needs to be:
> ffplay <file>
>
> that needs to translate to:
> ffplay crypto://encrypted_file -decryption_key $AES_KEY -decryption_iv
> $AES_IV
>
> I briefly looked at the concat demuxer but couldn't see how to get this
> desired result.
> If you know how, please let me know!
>
Create a file like this:
https://pastebin.com/hFSeXsZt
The first line is so ffmpeg can probe the format, then just have a
"file" line followed by any number of "option" lines.
Note that options are only allowed if safe-mode is disengaged, so the
app in question would have to pass "-safe 0" to the execution in some
manner. But this is something you would have to ask the app to do, as
this protection exists for a reason.
- Hendrik
More information about the ffmpeg-devel
mailing list