How to decrypt AWS Elastic Transcoder HLS AES encryption video to play .m3u8?

1
votes

I use AWS elastic transcoder HLS AES content protection with No Store option to encrypt my .m3u8 file, as the following documentation says, it will automatically generate a set of Encryption Key, Encryption Key MD5 and Encryption Initialization Vector.

HLS AES protection with no store

I tried to hit ARN(which I specified in my Pipeline)with Encryption Key with aws-sdk’s KMS decrypt api, but got InvalidCiphertextException error.

aws-sdk decrypt api

My question is, how can I decrypt the Encryption Key and get a actual key (which I called, a content key), used for play a .m3u8 file?

2
amazon-web-serviceshttp-live-streamingm3u8amazon-elastic-transcoder

2 Answers

0
votes

Here I found the solution! use AWS KMS decrypt and insert params as follows: 

const kmsDecryptparams = {
  CiphertextBlob: Buffer.from(dataKey,'base64'),
  EncryptionContext: {
      service: 'elastictranscoder.amazonaws.com'
  }
};

The official document doesn't answer any bit about it, but you can find some reference here.

0
votes

There is an easier way: When the Elastic Transcoder job with the No Store has finished, open the Job again and click on the lock next to any of the variant playlists. It shows the decryption value in a popup, which you can save as a file. This value is already decrypted.