Overview

RidgeRun's gst-crypto plugin makes it easy to encrypt or decrypt content passing through a GStreamer pipeline. gst-crypto will take advantage of any available crypto hardware accelerators. gst-crypto is based on OpenSSL so any encryption technology supported by OpenSSL can be supported by gst-crypto. Currently, only aes-128-cbc cipher is support. gst-crypto source code has not yet been reviewed by experts for security deficiencies.

Features

• aes-128-cbc cipher support
• Password or key/iv setup
• GStreamer 0.10.x support
• GStreamer 1.x support

Example Use Cases

• Capture audio/video from a camera directly into an encrypted media file.
• Decrypt streaming audio/video and render to local display/speakers.

Support

Modifications or extensions needed? Integration into other Embedded Linux Systems (e.g. Ubuntu, Yocto, ...)?

• Contact us

Build and run on a local Linux PC

Tested on Ubuntu-14.04 64 bit:

Source code fetch

git clone git@github.com:RidgeRun/gst-crypto
cd gst-crypto

GStreamer 0.10.x

git checkout release-0.10

GStreamer 1.x

git checkout release-1.0

Note: There are tagged releases also.

Compilation

./autogen.sh
./configure
make
sudo make install

Source code

Location

• Our GitHub repository

RR SDK Integration

One of our demo SDK's can be used:

• i.MX6 SabreLite board - with crypto hardware acceleration
• DM368 Leopard board - no crypto hardware available

GStreamer 0.10.x

Subdirectory structure

├── fs
   ├── apps
        ├── gst-crypto-0.10.0
        ├── Config
        ├── Makefile
        └── metainfo

fs/apps/gst-crypto-0.10.0/Config

config FS_APPS_GST_CRYPTO
	bool "gst-crypto-0.10.0"
	select FS_APPS_GSTREAMER_PLUGINS_BASE
	help
	  This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-0.10.0/Makefile

#$L$
# Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
##$L$

PKG_URL=https://www.ridgerun.com/packages
PKG_TARBALL=gst-crypto-0.10.0.tar.gz
PKG_SHA1SUM=61fdeeeb81cc339764a0c637fcd486c3861fa1a8

include ../../../bsp/classes/rrsdk.class
include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-0.10.0/metainfo

TARGET_REQUIRED="gstreamer gst-plugins-base"

RR SDK configuration

Execution

`make env`
make config

Configuration

File System Configuration  --->
  Select target's file system software  --->
    [*] gst-crypto-0.10.0

GStreamer 1.x

Subdirectory structure

├── fs
   ├── apps
        ├── gst-crypto-1.0
        ├── Config
        ├── Makefile
        └── metainfo

fs/apps/gst-crypto-1.0/Config

config FS_APPS_GST_CRYPTO
	bool "gst-crypto-1.0"
	select FS_APPS_GSTREAMER_PLUGINS_BASE
	help
	  This option enables RidgeRuns gst-crypto plugin.

fs/apps/gst-crypto-1.0/Makefile

#$L$
# Copyright (C) 2015 Ridgerun (http://www.ridgerun.com). 
##$L$

PKG_URL=https://www.ridgerun.com/packages
PKG_TARBALL=gst-crypto-1.0.tar.gz
PKG_SHA1SUM=321bf7787bd4a4667c2f150df84bf6a9c138a15a

include ../../../bsp/classes/rrsdk.class
include $(CLASSES)/gstreamer-plugin.class

fs/apps/gst-crypto-1.0/metainfo

TARGET_REQUIRED="gstreamer gst-plugins-base"

RR SDK configuration

Execution

`make env`
make config

Configuration

File System Configuration  --->
  Select target's file system software  --->
    [*] gst-crypto-1.0

Example pipelines

Test pipeline

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10

echo "This is a crypto test ... " > plain.txt && gst-launch filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

On Ubuntu after default installation to /usr/local/lib/gstreamer.0.10

echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! gst-crypto mode=dec ! filesink location=dec.txt && cat dec.txt

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0

echo "This is a crypto test ... " > plain.txt && gst-launch-1.0  filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0

echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt

Creating a encrypted video with the openssl tool and playback

Download demo video

wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi

Encrypt

openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc

Playback

Playback on a local display

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10

gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10

gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0

gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0

gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink

Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

Streaming to a host

On the target board

GStreamer 0.10.x

On RR SDK after regular installation to /usr/lib/gstreamer-0.10

gst-launch filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system. Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10

gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system. Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

GStreamer 1.x

On RR SDK after regular installation to /usr/lib/gstreamer-1.0

gst-launch-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system. Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10

gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false

Note: Replace the IP address according to your host system. Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.

On the host

gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false

Using Crypto Hardware Acceleration

Crypto Hardware Acceleration can be used transparently with the plugin and can be configured independently.

There are some considerations to take into account:

• Does the MCU include a hardware crypto unit (e.g. CAAM on i.MX6)?
• Which setup would result in a performance gain (e.g data block size on i.MX6)?
• Is the cipher to be used supported by the hardware crypto unit and the kernel driver?
• Is the kernel driver implemented efficiently?

See:

• RidgeRun af-alg-rr af_alg Autotools version