Difference between revisions of "RidgeRun gst-crypto GStreamer Plugin"
(→Encoding/Decoding Udpstream) |
m |
||
(One intermediate revision by the same user not shown) | |||
Line 28: | Line 28: | ||
Also, gst-crypto does not support seeking and some mux/demuxers, please inquire in case this is needed. RidgeRun has solutions that support seeking while doing decrypting. | Also, gst-crypto does not support seeking and some mux/demuxers, please inquire in case this is needed. RidgeRun has solutions that support seeking while doing decrypting. | ||
− | === gst-crypto GStreamer Plugin Features === | + | === <u>gst-crypto GStreamer Plugin Features</u> === |
* aes-128-cbc and aes-256-cbc cipher support verified | * aes-128-cbc and aes-256-cbc cipher support verified | ||
Line 35: | Line 35: | ||
* GStreamer 1.x support | * GStreamer 1.x support | ||
− | === Example Use Cases === | + | === <u>Example Use Cases</u> === |
* Capture audio/video from a camera directly into an encrypted media file. | * Capture audio/video from a camera directly into an encrypted media file. | ||
Line 48: | Line 48: | ||
Tested on Ubuntu-14.04 64 bit: | Tested on Ubuntu-14.04 64 bit: | ||
− | === Source code fetch === | + | === <u>Source code fetch</u> === |
git clone git@github.com:RidgeRun/gst-crypto | git clone git@github.com:RidgeRun/gst-crypto | ||
cd gst-crypto | cd gst-crypto | ||
− | |||
− | |||
− | |||
− | |||
==== GStreamer 1.x ==== | ==== GStreamer 1.x ==== | ||
Line 63: | Line 59: | ||
'''Note:''' There are tagged releases also. | '''Note:''' There are tagged releases also. | ||
− | === Compilation === | + | === <u>Compilation</u> === |
./autogen.sh | ./autogen.sh | ||
Line 101: | Line 97: | ||
</html> | </html> | ||
− | + | If you don't want to install it into your system you can specify the directory path with: | |
− | If you don't want to install into your system you can specify directory path with: | ||
<pre> | <pre> | ||
Line 110: | Line 105: | ||
== gst-crypto Source code == | == gst-crypto Source code == | ||
− | === Location === | + | === <u>Location</u> === |
* [https://github.com/RidgeRun/gst-crypto Our GitHub repository] | * [https://github.com/RidgeRun/gst-crypto Our GitHub repository] | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Example pipelines == | == Example pipelines == | ||
− | === Test pipeline | + | === <u>Test pipeline</u> === |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
===== On Ubuntu after default installation to ''/usr/local/lib/gstreamer.0.10'' ===== | ===== On Ubuntu after default installation to ''/usr/local/lib/gstreamer.0.10'' ===== | ||
Line 263: | Line 124: | ||
==== GStreamer 1.x ==== | ==== GStreamer 1.x ==== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
===== On Ubuntu after default installation to ''/usr/local/lib/gstreamer-1.0'' ===== | ===== On Ubuntu after default installation to ''/usr/local/lib/gstreamer-1.0'' ===== | ||
Line 279: | Line 135: | ||
</pre> | </pre> | ||
− | === Creating an encrypted video with the ''openssl'' tool and playback === | + | === <u>Creating an encrypted video with the ''openssl'' tool and playback</u> === |
==== Download demo video ==== | ==== Download demo video ==== | ||
Line 294: | Line 150: | ||
===== Playback on a local display ===== | ===== Playback on a local display ===== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
====== On Ubuntu after default installation to ''/usr/local/lib/gstreamer-0.10'' ====== | ====== On Ubuntu after default installation to ''/usr/local/lib/gstreamer-0.10'' ====== | ||
Line 318: | Line 165: | ||
====== GStreamer 1.x ====== | ====== GStreamer 1.x ====== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
====== On Ubuntu after default installation to ''/usr/local/lib/gstreamer-1.0'' ====== | ====== On Ubuntu after default installation to ''/usr/local/lib/gstreamer-1.0'' ====== | ||
Line 341: | Line 181: | ||
====== On the target board ====== | ====== On the target board ====== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
'''On Ubuntu after default installation to ''/usr/local/lib/gstreamer-0.10'' ''' | '''On Ubuntu after default installation to ''/usr/local/lib/gstreamer-0.10'' ''' | ||
Line 368: | Line 197: | ||
====== GStreamer 1.x ====== | ====== GStreamer 1.x ====== | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
'''On Ubuntu after default installation to ''/usr/local/lib/gstreamer-1.0'' ''' | '''On Ubuntu after default installation to ''/usr/local/lib/gstreamer-1.0'' ''' | ||
Line 397: | Line 217: | ||
</pre> | </pre> | ||
− | === Encoding/Decoding Playback Pipelines === | + | === <u>Encoding/Decoding Playback Pipelines</u> === |
==== GStreamer 1.0 ==== | ==== GStreamer 1.0 ==== | ||
Line 475: | Line 295: | ||
</pre> | </pre> | ||
− | === Encoding/Decoding Livestream Pipelines === | + | === <u>Encoding/Decoding Livestream Pipelines</u> === |
==== GStreamer 1.0 ==== | ==== GStreamer 1.0 ==== | ||
Line 494: | Line 314: | ||
</pre> | </pre> | ||
− | === Encoding/Decoding Udpstream === | + | === <u>Encoding/Decoding Udpstream</u> === |
==== GStreamer 1.0 ==== | ==== GStreamer 1.0 ==== | ||
Line 524: | Line 344: | ||
</pre> | </pre> | ||
− | === Encoding/Decoding on the Fly === | + | === <u>Encoding/Decoding on the Fly</u> === |
==== GStreamer 1.0 ==== | ==== GStreamer 1.0 ==== | ||
Line 547: | Line 367: | ||
Please check RidgeRun's [https://github.com/RidgeRun/gst-crypto GstCrypto Git Repository] | Please check RidgeRun's [https://github.com/RidgeRun/gst-crypto GstCrypto Git Repository] | ||
− | == | + | == Test pipelines for release2.0 == |
− | === Raw data file === | + | === <u>Raw data file</u> === |
'''Encode''' | '''Encode''' | ||
<pre> | <pre> | ||
Line 562: | Line 382: | ||
'''Notes:''' 1 byte file, content was verified before/after crypto encode/decode, data was not affected by encode/decode process | '''Notes:''' 1 byte file, content was verified before/after crypto encode/decode, data was not affected by encode/decode process | ||
− | === Big Buck Bunny avi file === | + | === <u>Big Buck Bunny avi file</u> === |
'''Encode file with gst-crypto''' | '''Encode file with gst-crypto''' |
Latest revision as of 09:57, 31 December 2021
Open-source project from Ridgerun. gst-crypto plugin makes it easy to encrypt or decrypt content passing through a GStreamer pipeline. |
Contents
|
|
Error creating thumbnail: Unable to save thumbnail to destination
|
gst-crypto Overview
RidgeRun's gst-crypto plugin is a GStreamer plugin that makes it easy to encrypt or decrypt content passing through a GStreamer pipeline. gst-crypto will take advantage of any available crypto hardware accelerators. gst-crypto is based on OpenSSL so any encryption technology supported by OpenSSL can be supported by gst-crypto. The plugin supports any encrypt/decrypt chiper that openssl support, only aes-128-cbc and aes-256-cbc ciphers have been validated. gst-crypto source code has not yet been reviewed by experts for security deficiencies.
Also, gst-crypto does not support seeking and some mux/demuxers, please inquire in case this is needed. RidgeRun has solutions that support seeking while doing decrypting.
gst-crypto GStreamer Plugin Features
- aes-128-cbc and aes-256-cbc cipher support verified
- Password or key/iv setup
- GStreamer 0.10.x support
- GStreamer 1.x support
Example Use Cases
- Capture audio/video from a camera directly into an encrypted media file.
- Decrypt streaming audio/video and render to local display/speakers.
GStreamer Plugin Support
Please Contact RidgeRun for any modifications or extensions needed and Integration into other Embedded Linux Systems (e.g. Ubuntu, Yocto, ...).
Build and run on a local Linux PC
Tested on Ubuntu-14.04 64 bit:
Source code fetch
git clone git@github.com:RidgeRun/gst-crypto cd gst-crypto
GStreamer 1.x
git checkout release-1.0
Note: There are tagged releases also.
Compilation
./autogen.sh ./configure --libdir=/usr/lib/x86_64-linux-gnu/ make sudo make install
The location of the plug-in can vary according to the system. The following table summarizes some standard locations for different setups
System | Libdir |
---|---|
Ubuntu | /usr/lib/x86_64-linux-gnu/ |
Mac OSX (macports) | /opt/local/lib |
RidgeRun SDK | /usr/lib/ |
Tegra X1/X2 | /usr/lib/aarch64-linux-gnu |
If you don't want to install it into your system you can specify the directory path with:
GST_PLUGIN_PATH=src/.libs/ gst-launch ....
gst-crypto Source code
Location
Example pipelines
Test pipeline
On Ubuntu after default installation to /usr/local/lib/gstreamer.0.10
echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! gst-crypto mode=dec ! filesink location=dec.txt && cat dec.txt
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
Creating an encrypted video with the openssl tool and playback
Download demo video
wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi
Encrypt
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc
Playback
Playback on a local display
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
Streaming to a host
On the target board
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
On the host
gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false
Encoding/Decoding Playback Pipelines
GStreamer 1.0
- TS - encrypting with gstcrypto
gst-launch-1.0 -e videotestsrc is-live=true ! x264enc ! queue ! h264parse ! mpegtsmux ! filesink location=test.ts sync=true
gst-launch-1.0 filesrc location=test.ts ! crypto mode=enc ! filesink location=test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- AVI - encrypting with gstcrypto
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
gst-launch-1.0 filesrc location=test.avi ! crypto mode=enc ! filesink location=test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- QuickTime - encrypting with gstcrypto
wget https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_480p_h264.mov
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov ! crypto mode=enc ! filesink location=big_buck_bunny_480p_h264.mov.enc
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.enc ! crypto mode=dec ! filesink location=big_buck_bunny_480p_h264.mov.dec
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.dec ! qtdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- TS - encrypting with openssl
gst-launch-1.0 -e videotestsrc is-live=true ! x264enc ! queue ! h264parse ! mpegtsmux ! filesink location=test.ts sync=true
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.ts -out test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- AVI - encrypting with openssl
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.avi -out test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
Encoding/Decoding Livestream Pipelines
GStreamer 1.0
- TS - Encrypting Camera livestream with GstCrypto to a file
gst-launch-1.0 -e v4l2src device=/dev/video0 ! queue ! x264enc ! queue ! h264parse ! mpegtsmux ! queue ! rndbuffersize min=4096 max=4096 ! crypto mode=enc ! filesink location=live.ts.enc
- TS - Decrypt encoded file from the camera livestream
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- TS - Decrypt encoded file to a video file
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsparse ! queue ! filesink location=live.ts sync=false
Encoding/Decoding Udpstream
GStreamer 1.0
H264 + Transport Stream
- Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! x264enc ! h264parse ! mpegtsmux ! tsparse ! rndbuffersize min=4096 max=4096 ! queue ! crypto mode=enc ! queue ! udpsink port=5000
- Receiver: Decrypt to a file
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec ! queue ! tsparse ! queue ! filesink location=udpstream.ts
- Receiver: Save encrypted udpstream
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! filesink location=udpstream.ts.enc
Jpeg
- Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! jpegenc ! queue ! rndbuffersize min=4096 max=4096 ! queue ! crypto mode=enc ! queue ! udpsink port=5000
- Receiver: Decrypt to a display
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec ! queue ! jpegparse ! jpegdec ! queue ! xvimagesink sync=false
Encoding/Decoding on the Fly
GStreamer 1.0
- Encoding, decoding and sending output to display in one pipeline
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! jpegenc ! queue ! rndbuffersize min=4096 max=4096 ! crypto mode=enc ! queue ! crypto mode=dec ! jpegparse ! jpegdec ! xvimagesink
Using Crypto Hardware Acceleration
Crypto Hardware Acceleration can be used transparently with the plugin and can be configured independently.
There are some considerations to take into account:
- Does the MCU include a hardware crypto unit (e.g. CAAM on i.MX6)?
- Which setup would result in a performance gain (e.g data block size on i.MX6)?
- Is the cipher to be used supported by the hardware crypto unit and the kernel driver?
- Is the kernel driver implemented efficiently?
Please check RidgeRun's GstCrypto Git Repository
Test pipelines for release2.0
Raw data file
Encode
gst-launch-1.0 filesrc location=small-file.file ! crypto mode=enc ! filesink location=small-file.file.enc
Decode
gst-launch-1.0 filesrc location=small-file.file.enc ! crypto mode=dec ! filesink location=output.dec
Notes: 1 byte file, content was verified before/after crypto encode/decode, data was not affected by encode/decode process
Big Buck Bunny avi file
Encode file with gst-crypto
gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi ! crypto mode=enc ! filesink location=big_buck_bunny_1080p_surround.avi.enc
Decode and display
gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi.enc blocksize=4096 ! crypto mode=dec ! queue ! avidemux ! avdec_mpeg4 ! xvimagesink
Encoding with openssl Decoding also work when using openssl for encoding
Encode with openssl
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_1080p_surround.avi -out openssl-enc-big_buck_bunny_1080p_surround.avi.enc
Decode and display
gst-launch-1.0 filesrc location=openssl-enc-big_buck_bunny_1080p_surround.avi.enc blocksize=4096 ! crypto mode=dec ! queue ! avidemux ! avdec_mpeg4 ! xvimagesink
Audio/video decode file Note: this pipeline can be optimized, just for testing.
GST_DEBUG=3 gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux name=demux demux.video_0 ! 'video/mpeg, mpegversion=(int)4' ! queue ! avdec_mpeg4 ! xvimagesink async=false demux.audio_0 ! queue ! decodebin ! audioconvert ! alsasink async=false
iMX6 example pipelines
Tested on iMX6 Nitrogen6x board with RidgeRun SDK:
Avi decrypt and playback
gst-launch-1.0 filesrc location=/mnt/big_buck_bunny_1080p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux name=demux demux.video_0 ! 'video/mpeg, mpegversion=(int)4' ! queue ! vpudec ! imxv4l2sink name=videosink device=/dev/video17 async=false
iMX6 transport stream
gst-launch-1.0 filesrc location=/mnt/test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! vpudec ! imxv4l2sink name=videosink device=/dev/video17 async=false
RidgeRun Resources | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||
Contact Us
|