[FFmpeg-user] Stream an encoded video content and play the URL using ffplay with decryption ket

Moritz Barsnick barsnick at gmx.net
Mon Sep 24 16:46:58 EEST 2018

On Mon, Sep 24, 2018 at 17:40:58 +0530, rosmi sebastian wrote:
> sample_enc.mp4  that I used is an encrypted file which is created using
> below command:
> ffmpeg -i sample.mp4 -vcodec copy -acodec copy -encryption_scheme
> cenc-aes-ctr -encryption_key 76a6c65c5ea762046bd749a2e632ccbb
> -encryption_kid a7e61c373e219033c21091fa607bf3b8 sample_enc.mp4
> and able to play the stream_enc.mp4 with decryption key
> ffplay sample_enc.mp4 -decryption_key 76a6c65c5ea762046bd749a2e632ccbb

This works, I understand.

> rtsp is our final use case. I just tried on udp.
> Attached the log file (ffmpeg_log) of rtsp streaming here.

This indicates that ffplay is not decrypting the stream.

> Used the following commands to create the rtsp stream
> ffmpeg  -re -i sample_enc.mp4 -c:v copy -c:a copy
> http://localhost:8090/feed1.ffm
> ffserver -f /path/ffserver.conf
> ffplay rtsp://localhost:5554/test.mpeg4 -decryption_key
> 76a6c65c5ea762046bd749a2e632ccbb

It seems to me that "-decryption_key" is a concept of MOV/MP4 files,
and ffmpeg's "mov" demuxer. As soon as you remux your content into
MPEG-TS, you no longer have the capability to decrypt using this

I don't see how to apply this concept to other formats than MOV/MP4
using ffmpeg, or whether it can even apply to other formats.

What *could* (and in my eyes even should) work, is using a streaming
concept based on MP4, e.g HLS using MP4 segments (and not MPEG-TS
segments of course).

But then, you could just as well use ffmpeg's HLS muxer with MPEG-TS
segments, which has its own encryption implementation. ffserver won't
help you with that, though.

Quick googling indicates that nginx-vod-module can also serve your
encrypted MP4 files.


More information about the ffmpeg-user mailing list