Monibuca Encryption Plugin
This plugin provides functionality for encrypting video streams, supporting multiple encryption algorithms and using either static or dynamic keys.
Configuration
Add the following configuration to config.yaml:
yaml
crypto:
isstatic: false # Whether to use static key
algo: "aes_ctr" # Encryption algorithm: supports aes_ctr, xor_s, xor_c
encryptLen: 1024 # Encryption byte length
secret:
key: "your key" # Encryption key
iv: "your iv" # Encryption vector (only required for aes_ctr and xor_c)
onpub:
transform:
.* : $0 # Which streams to encrypt, regular expression, here all streams
Encryption Algorithm Description
aes_ctr
: AES-CTR mode encryption- Key length requirement: 32 bytes
- IV length requirement: 16 bytes
xor_s
: Simple XOR encryption- Key length requirement: 32 bytes
- No IV required
xor_c
: Complex XOR encryption- Key length requirement: 32 bytes
- IV length requirement: 16 bytes
Key Retrieval
API Interface
API interface for retrieving encryption keys:
GET /crypto?stream={streamPath}
Parameter description:
- stream: Stream path
Response example:
text
{key}.{iv}
The returned key format is rawstd base64 encoded
Key Generation Rules
Static Key Mode (isStatic: true)
- Directly uses the key and iv from the configuration file
Dynamic Key Mode (isStatic: false)
- key = md5(configured key + stream path)
- iv = First 16 bytes of md5(stream path)
Important Notes
- Encryption only encrypts the key data portion of video frames, preserving NALU header information
- When using dynamic keys, ensure a valid secret.key is set in the configuration file
- When using AES-CTR or XOR-C algorithms, both key and iv must be configured
- It's recommended to use dynamic key mode in production environments for enhanced security