GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → awslabs → speke-reference-server

awslabs / speke-reference-server

Licence: Apache-2.0 license
Secure Packager and Encoder Key Exchange (SPEKE) is part of the AWS Elemental content encryption protection strategy for media services customers. SPEKE defines the standard for communication between our media services and digital rights management (DRM) system key servers. This project provides the basic framework that partners can specialize a…

Programming Languages

python
139335 projects - #7 most used programming language
shell
77523 projects

Labels

encryptionvideoserverlessmediadrmmediaconnectmediapackagespeke

Projects that are alternatives of or similar to speke-reference-server

kaltura-player-android
Kaltura Player is a rich, easy to integrate and easy to use video player for all media types and ad scenarios you need. - based on Google ExoPlayer
Stars: ✭ 22 (-75.82%)
Mutual labels:  media, drm
electron-releases
castLabs Electron for Content Security
Stars: ✭ 173 (+90.11%)
Mutual labels:  drm
eglfs
🚀 EGL fullscreen platform plugin
Stars: ✭ 21 (-76.92%)
Mutual labels:  drm
large-video-upload-python
Sample Python code for uploading video up to 140 seconds and/or up to 512Mb.
Stars: ✭ 109 (+19.78%)
Mutual labels:  media
macOSAppsOpenSource
No description or website provided.
Stars: ✭ 33 (-63.74%)
Mutual labels:  media
Mp3Info
The fastest PHP library to extract mp3 meta information (duration, bitrate, samplerate and so on) and tags (id3v1, id3v2).
Stars: ✭ 114 (+25.27%)
Mutual labels:  media
media-roller
A self hosted server to download videos from social media with an iOS shortcut for on-click saving to camera roll
Stars: ✭ 52 (-42.86%)
Mutual labels:  media
focuspoint
Erweitert den Medienpool um die Fähigkeit, den Fokuspunkt eines Bildes zu bestimmen.
Stars: ✭ 57 (-37.36%)
Mutual labels:  media
server-media
This repository collects icons, logos & information about game servers.
Stars: ✭ 29 (-68.13%)
Mutual labels:  media
all-in-one-video-pack.wordpress
A Wordpress Plugin to simplify adding Kaltura to your Blog
Stars: ✭ 19 (-79.12%)
Mutual labels:  media
Transcoder
Docker container to transcode videos in mounted volume to H265 using FFMPEG
Stars: ✭ 13 (-85.71%)
Mutual labels:  media
media-command
Imports files as attachments, regenerates thumbnails, or lists registered image sizes.
Stars: ✭ 40 (-56.04%)
Mutual labels:  media
media-player
An modern, clean media player built using web technologies
Stars: ✭ 44 (-51.65%)
Mutual labels:  media
live-stream-on-aws
The live stream solution is a reference deployment that demonstrates how to deliver highly available live streaming video through an integrated workflow between Elemental Cloud and AWS.
Stars: ✭ 258 (+183.52%)
Mutual labels:  mediapackage
omnic
Stateless microservice for on-the-fly thumbs and conversions of a wide variety of file types, utilizing conversion graph.
Stars: ✭ 17 (-81.32%)
Mutual labels:  media
TonUINO
Alternative TonUINO Firmware
Stars: ✭ 112 (+23.08%)
Mutual labels:  media
MJMediaPicker
A Custom Class to select media from camera ,video or photo library by just adding a single file
Stars: ✭ 15 (-83.52%)
Mutual labels:  media
react-native-vlc-media-player
React native media player for video streaming and playing. Supports RTSP, RTMP and other protocols supported by VLC player
Stars: ✭ 221 (+142.86%)
Mutual labels:  media
lk
Simple Web Image Viewer
Stars: ✭ 22 (-75.82%)
Mutual labels:  media
Rise-Media-Player
One media player for everything you own or stream; whether it's music or videos, online or offline Rise Media Player does it all. And it's beautiful and native with the latest version of WinUI.
Stars: ✭ 600 (+559.34%)
Mutual labels:  media
View All Similar Projects ➔

SPEKE Reference Server

Secure Packager and Encoder Key Exchange (SPEKE) is part of the AWS Elemental content encryption protection strategy for media services customers. SPEKE defines the standard for communication between AWS Media Services and digital rights management (DRM) system key servers. SPEKE is used to supply keys to encrypt video on demand (VOD) content through AWS Elemental MediaConvert and for live content through AWS Elemental MediaPackage.

Take a look at high-level SPEKE documentation available on the AWS web site.

Setup

Use the provided CloudFormation template to deploy the reference key server into your AWS account. The reference SPEKE implementation provides a key server and key distribution cache for end-to-end segment encyption with HLS and DASH. Use it as an example and starting point when implementing a complete DRM solution with SPEKE.

The CloudFormation template creates an API Gateway, Lambda function, S3 bucket and CloudFront distribution and adds the needed settings for the reference server. Additionally, the template creates IAM policies and roles necessary for API Gateway, Lambda, Secrets Manager, S3 and CloudFront to interact.

The following diagram shows the primary components of the serverless SPEKE solution and the connectivity among the components during runtime. The diagram also shows one possible integration between AWS MediaPackage or AWS MediaConvert and SPEKE.

Image of serverless SPEKE

These sections will guide you through installation, testing and configuration of the SPEKE Reference Server.

  1. Installation - This section includes installation instructions for API Gateway, Lambda deployment and AWS Elemental MediaPackage channel integration.

  2. Test Cases - This page include several unit tests and manual test cases that can be used to verify operation of the SPEKE Reference Server. These test cases do not require integration with additional services.

  3. AWS Elemental MediaPackage - This page documents steps that can be used to verify operation of the SPEKE Reference Server using AWS Elemental MediaPackage.

  4. Contributing - This page includes the guidelines for contributing your enhancements, fixes and documentation to the project.

  5. Code of Conduct - This is what we expect from all people interacting and contributing with the team.

SPEKE Reference Server Installation

The following page guides the user through deployment and configuration of the SPEKE Reference Server.

Prerequisites

  • An AWS account with administrator rights and access to the AWS console
  • Note that this solution can be deployed to any region that supports API Gateway, Lambda, and S3. You need to consider the packager or encoder's location relative to the API Gateway endpoint used to create encryption keys. The encoder, packager and SPEKE services should be in the same region or as geographically close as possible to reduce the request/response latency in key generation.

Building Cloudformation template and Lambda locally

  1. Create a virtual environment for this project using python3 using steps outlined here.
  2. Install dependencies within the virtual environment using pip3 install -r requirements.txt.
  3. In zappa_settings.json under src, replace aws_region with the region this lambda will be deployed.
  4. Run local_build.sh.
  5. The script will generate required artifacts under build folder.
  6. Create a new bucket in S3 (For example: speke-us-east-1). Create a folder called speke and upload the generated speke-reference lambda zip file.
  7. In the generated speke_reference.json, replace rodeolabz with the name of your created bucket (speke is used in this example).
  8. Use the speke_reference.json template in CloudFormation to deploy the speke reference server following the instructions below.

Sidenote: Building the lambda on Mac/Windows

AWS Lambda environment is similar to Amazon Linux (AL2) and so a dependency that this reference server needs: cffi does not match the lambda runtime when built on a Windows/ macOS machine. When the reference server is run, it might result in an error: No module named '_cffi_backend'. To resolve this, create a requirements.txt file with cffi==<version>, replacing version with the desired version number (The requirements.txt file can be used for a compatible version) and create a lambda layer following the steps outlined here and then update the speke reference lambda function to reference this layer.

Deploy using CloudFormation template

  1. Sign in to the AWS console.
  2. Choose a region such as us-east-1 or us-west-2 to start.
  3. Navigate to the AWS CloudFormation console.
  4. Create a new stack.
  5. On the Select Template page, select Upload a template file and choose the generated speke_reference.json file prepared in the above section.
  6. At the Specify Details pages, provide a stack name, like SPEKE.
  7. Provide a value for the KeyRetentionDays parameter. This is the amount of time to retain a key in the S3 bucket for client playback. Keys older than this amount will be automatically removed by S3. The default is 2 days, which is usually enough for live content across multiple time zones.
  8. There are some Parameters which contain default values, this is for reference only and it is recommended that users modify this section of the reference server to return values such as playready header and pssh boxes according to their requirements.
  9. The Options page does not require any input, although you can choose to be notified after the template completes.

When the template is complete you will have an operational reference SPEKE server that can be used for HLS encryption. You can review the Resources tab of the template to see what was created or updated, and the Outputs tab for the URL of the SPEKE server and the role ARN that permits MediaPackage access.

Limitations

This solution only supports key creation for the following DRM technologies: Widevine, Playready

This solution will send a blank CPIX response if the Apple Fairplay system ID is used.

For Speke V2.0, this solution works for Widevine, Playready and Fairplay Due to limitations on size of environment variables provided for a lambda, users must implement their own solution to create and send PSSH, ContentProtectionData and HLSSignalingData for the different DRM systems.

This solution only supports the contentProtection method to handle communication between the reference server solution and the Media Services. Users must implement copyProtectionData methods in order to handle client/player request to decrypt content.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].