Wowza Community

AES rotating keys

I am developing a module to rotate AES keys. A scheduler makes an API call to the key server to update keys for streams. So whatever is requested next is the new key.

With videojs VHS I've noticed it's a little behind, trying to decrypt a fragment with the new key obtained from the key server, but it's still the old key in the fragment.

How do I work around this issue, as playback stops? I've tried not encrypting a chunk when just updating, but it still fails; setting encryption to none still requests the key server. I noticed I don't need to set all this enc info each time. Is there an efficient way to cache and reuse the enc info?

public void onHTTPCupertinoEncryptionKeyLiveChunk(ILiveStreamPacketizer liveStreamPacketizer, String streamName, CupertinoEncInfo encInfo, long chunkId, int mode)
{
	// Look up the current key material for this stream
	SessionAESKey keyData = streamKeys.get(streamName);
	if (keyData == null) {
		// No key registered for this stream: leave encInfo untouched instead of throwing a NullPointerException
		return;
	}

	Log.info("Chunk request " + streamName + " " + keyData.keyHex + " is updating " + keyData.isUpdating);

	// While a rotation is in progress, mark this one chunk as unencrypted
	if (keyData.isUpdating) {
		encInfo.setEncMethod(CupertinoEncInfo.METHOD_NONE);
		encInfo.setEncUrl("");

		keyData.isUpdating = false;
		//Log.info("Updating: " + encInfo.toString());
		return;
	}

	// Normal case: AES-128 with the stream's current key, IV and key URL
	encInfo.setEncMethod(CupertinoEncInfo.METHOD_AES_128);
	encInfo.setEncUrl(keyData.keyURL);
	encInfo.setEncKeyBytes(keyData.key);
	encInfo.setEncIVBytes(keyData.iv);
	encInfo.setEncKeyFormatVersion("1");
}

I figured something out that was trivial. Use a hash on the key URLs to identify which key to deliver for the stream, i.e. keyserver/streamname/hash. This brings up a configured set cache using the streamname and hash. Old segments will load the old key then. Rotation still causes temporary playback buffers. I set the cache to expire minutes in advance of the rotation interval, so old segments loading will get the cache that has not expired yet.
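
The key-server side of the scheme described in the follow-up above, as an added example that is not part of the original post or Wowza's own code: each key is stored under stream name plus an id and is served only by that id, so a player fetching the key for an older segment never receives the newest key. Assumptions: the class and method names are hypothetical, the id is the first 8 bytes of a SHA-256 over the key bytes (the post does not say what is hashed), and retention is the rotation interval plus a grace window.

```java
import java.security.*;
import java.time.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical key-server-side store: every key stays addressable by its own id
// until the segments encrypted with it have aged out of player playlists.
public class RotatingKeyStore {
    private static final class Entry {
        final byte[] key; final Instant expires;
        Entry(byte[] key, Instant expires) { this.key = key; this.expires = expires; }
    }
    private final Map<String, Entry> keys = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final Duration retention;

    // retention = rotation interval + grace window (assumed; size the grace to the playlist length)
    public RotatingKeyStore(Duration rotationInterval, Duration grace) {
        this.retention = rotationInterval.plus(grace);
    }

    // Called by the rotation scheduler; returns the id to embed in the key URL.
    public String rotate(String streamName, Instant now) throws NoSuchAlgorithmException {
        byte[] key = new byte[16];                                  // AES-128 key
        rng.nextBytes(key);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key);
        StringBuilder id = new StringBuilder();
        for (int i = 0; i < 8; i++) id.append(String.format("%02x", digest[i]));
        keys.put(streamName + "/" + id, new Entry(key, now.plus(retention)));
        keys.values().removeIf(e -> e.expires.isBefore(now));       // drop aged-out keys
        return id.toString();
    }

    // Handler for keyserver/<streamName>/<id>: returns that exact key, never "whatever is newest".
    public byte[] lookup(String streamName, String id, Instant now) {
        Entry e = keys.get(streamName + "/" + id);
        return (e == null || e.expires.isBefore(now)) ? null : e.key.clone();
    }

    public static void main(String[] args) throws Exception {
        RotatingKeyStore store = new RotatingKeyStore(Duration.ofMinutes(10), Duration.ofMinutes(3));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");         // constructed timestamps
        String oldId = store.rotate("myStream", t0);
        String newId = store.rotate("myStream", t0.plus(Duration.ofMinutes(10)));
        Instant late = t0.plus(Duration.ofMinutes(11));             // one minute after rotation
        System.out.println("old key still served: " + (store.lookup("myStream", oldId, late) != null));
        System.out.println("new key served:       " + (store.lookup("myStream", newId, late) != null));
        System.out.println("old key past grace:   " + (store.lookup("myStream", oldId, t0.plus(Duration.ofMinutes(14))) != null));
    }
}
```

On the packetizer side, the id returned by `rotate` would be appended to the URL passed to `encInfo.setEncUrl(...)` for every chunk encrypted with that key.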