Playing encrypted video

Just about every widely used encryption algorithm works on blocks of sizes between 128 and 256 bits – and will happily decrypt only a few of these at a time, just fine for streaming. Check out, e.g., Crypto++ for a software library that has streaming interfaces. (I.e., you just open a file, put a decrypting filter around that, and then just continue pretty much like with any other file.)


Playback pipeline is typically a set of components plugged in together. In DirectShow, one of the APIs and the most popular one, one uses reader, splitter, codecs, post-processing and presentation parts known as filters and the whole thing plays back. It is possible to substitute reader with your own replacement which reads encrypted content and decodes on the fly. It can easily be decoding on demand, no need to decode the whole 2GB block in order to for example get a first frame or a thumbnail.

Having only hooked the reader part you are free to choose encryption method, between custom algorithm, one one of well known, API or external library.

Still I think this and other (at least most of the other) ways do not get you bullet proof guarantee that encoded content cannot be reversed. Someone else can still hook into the pipeline and grab decoded content from there. If you are happy that this at least will require complexity and experience to implement, then such encryption is going to work out pretty well.


Ok, this is how I did it. (Android)

Encrypted video is placed in sd-card. RC4 encrypted - so it can be converted on the fly while streaming. Then I created a local file server that runs on the device (as a service). The output stream does a little something extra before sending out data - it filters it through an RC4 decrypter before writing it out to the buffer. Then just point the media player to the url of the video (http://localhost:port/abc.3gp"). As a result, video from the sdcard remains secure - you cannot play it unless you have the key - which you should differ for each video for additional security.