RidgeRun gst-crypto GStreamer Plugin
gst-crypto is an open-source project from RidgeRun.
gst-crypto Overview
RidgeRun's gst-crypto plugin is a GStreamer plugin that makes it easy to encrypt or decrypt content passing through a GStreamer pipeline. gst-crypto will take advantage of any available crypto hardware accelerators. gst-crypto is based on OpenSSL, so any encryption technology supported by OpenSSL can be supported by gst-crypto. The plugin supports any encryption/decryption cipher that OpenSSL supports, but only the aes-128-cbc and aes-256-cbc ciphers have been validated. The gst-crypto source code has not yet been reviewed by experts for security deficiencies.
Also, gst-crypto does not support seeking or some muxers/demuxers; please inquire if this is needed. RidgeRun has solutions that support seeking while decrypting.
gst-crypto GStreamer Plugin Features
- aes-128-cbc and aes-256-cbc cipher support verified
- Password or key/iv setup
- GStreamer 0.10.x support
- GStreamer 1.x support
Example Use Cases
- Capture audio/video from a camera directly into an encrypted media file.
- Decrypt streaming audio/video and render to local display/speakers.
GStreamer Plugin Support
Please contact RidgeRun for any modifications or extensions needed, and for integration into other embedded Linux systems (e.g. Ubuntu, Yocto, ...).
Build and run on a local Linux PC
Tested on Ubuntu-14.04 64 bit:
Source code fetch
git clone git@github.com:RidgeRun/gst-crypto
cd gst-crypto
GStreamer 1.x
git checkout release-1.0
Note: There are tagged releases also.
Compilation
./autogen.sh
./configure --libdir=/usr/lib/x86_64-linux-gnu/
make
sudo make install
The location of the plug-in can vary according to the system. The following table summarizes some standard locations for different setups:
System | Libdir |
---|---|
Ubuntu | /usr/lib/x86_64-linux-gnu/ |
Mac OSX (macports) | /opt/local/lib |
RidgeRun SDK | /usr/lib/ |
Tegra X1/X2 | /usr/lib/aarch64-linux-gnu |
If you don't want to install it into your system you can specify the directory path with:
GST_PLUGIN_PATH=src/.libs/ gst-launch ....
gst-crypto Source code
Location
Example pipelines
Test pipeline
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
echo "This is a crypto test ... " > plain.txt && gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
echo "This is a crypto test ... " > plain.txt && gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=plain.txt ! crypto mode=enc ! crypto mode=dec ! filesink location=dec.txt && cat dec.txt
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
Creating an encrypted video with the openssl tool and playback
Download demo video
wget http://blender-mirror.kino3d.org/peach/bigbuckbunny_movies/big_buck_bunny_720p_surround.avi
Encrypt
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_720p_surround.avi -out big_buck_bunny_720p_surround.avi.enc
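With `-k RidgeRun -nosalt`, the AES key and IV are derived from the password alone, so every file encrypted this way shares both, and files that start with the same bytes start with the same ciphertext. The script below is an added example, not gst-crypto project code: the two RIFF-style inputs are constructed, and `-md` is pinned because OpenSSL 1.1.0 changed the default digest of `enc` from MD5 to SHA-256.

```sh
#!/bin/sh
# Added example, not gst-crypto project code. Inputs below are constructed.
PASS=RidgeRun                    # password from the page's openssl command

# Key/IV that `openssl enc -nosalt` derives from the password ($1 = digest).
# -P prints them and exits without encrypting anything.
derived_key_iv() {
    openssl enc -aes-128-cbc -nosalt -k "$PASS" -md "$1" -P 2>/dev/null |
        tr -d ' \n'
}

# Hex of the first 16-byte ciphertext block of stdin, using the page's options.
first_block_nosalt() {
    openssl enc -aes-128-cbc -nosalt -k "$PASS" -md sha256 2>/dev/null |
        od -An -tx1 -N 16 | tr -d ' \n'
}

# Same, but with an explicit key and a fresh random IV for every file.
# The IV is not secret, but it has to be stored or sent with the file.
KEY=$(openssl rand -hex 16)
first_block_fresh_iv() {
    openssl enc -aes-128-cbc -K "$KEY" -iv "$(openssl rand -hex 16)" |
        od -An -tx1 -N 16 | tr -d ' \n'
}

# Two constructed "media files": identical 16-byte header, different payload.
clip_a() { printf 'RIFF0000AVI LISTclip-A-payload'; }
clip_b() { printf 'RIFF0000AVI LISTclip-B-payload'; }

echo "derived twice:  $(derived_key_iv sha256)"
echo "                $(derived_key_iv sha256)"
echo "nosalt, clip A: $(clip_a | first_block_nosalt)"
echo "nosalt, clip B: $(clip_b | first_block_nosalt)"
echo "fresh IV, A:    $(clip_a | first_block_fresh_iv)"
echo "fresh IV, B:    $(clip_b | first_block_fresh_iv)"
```

The first two pairs of lines print identical values and only the fresh-IV pair differs. The key/iv setup listed among the plugin features is the way to avoid a key and IV shared by every file protected with the same password.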
Playback
Playback on a local display
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! ffdec_mpeg4 ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! decodebin ! queue ! xvimagesink
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
Streaming to a host
On the target board
On Ubuntu after default installation to /usr/local/lib/gstreamer-0.10
gst-launch --gst-plugin-path=/usr/local/lib/gstreamer-0.10 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-buffer=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch <some other elements> ! crypto ! <some other elements>
GStreamer 1.x
On Ubuntu after default installation to /usr/local/lib/gstreamer-1.0
gst-launch-1.0 --gst-plugin-path=/usr/local/lib/gstreamer-1.0 filesrc location=big_buck_bunny_720p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux ! mpegtsmux ! queue ! udpsink port=3000 host=10.251.101.40 sync=true enable-last-sample=false
Note: Replace the IP address according to your host system.
Note: The default password is RidgeRun. Change the password in the above openssl command and use the pass property of gst-crypto to use a different one.
Note: You could also test the plugin without make install. Just run the pipeline from the source tree like:
GST_PLUGIN_PATH=src/.libs/ gst-launch-1.0 <some other elements> ! crypto ! <some other elements>
On the host
gst-launch udpsrc port=3000 ! mpegtsdemux ! queue ! decodebin ! fpsdisplaysink sync=true async=false
Encoding/Decoding Playback Pipelines
GStreamer 1.0
- TS - encrypting with gstcrypto
gst-launch-1.0 -e videotestsrc is-live=true ! x264enc ! queue ! h264parse ! mpegtsmux ! filesink location=test.ts sync=true
gst-launch-1.0 filesrc location=test.ts ! crypto mode=enc ! filesink location=test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- AVI - encrypting with gstcrypto
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
gst-launch-1.0 filesrc location=test.avi ! crypto mode=enc ! filesink location=test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- QuickTime - encrypting with gstcrypto
wget https://download.blender.org/peach/bigbuckbunny_movies/big_buck_bunny_480p_h264.mov
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov ! crypto mode=enc ! filesink location=big_buck_bunny_480p_h264.mov.enc
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.enc ! crypto mode=dec ! filesink location=big_buck_bunny_480p_h264.mov.dec
gst-launch-1.0 filesrc location=big_buck_bunny_480p_h264.mov.dec ! qtdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- TS - encrypting with openssl
gst-launch-1.0 -e videotestsrc is-live=true ! x264enc ! queue ! h264parse ! mpegtsmux ! filesink location=test.ts sync=true
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.ts -out test.ts.enc
gst-launch-1.0 filesrc location=test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- AVI - encrypting with openssl
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! x264enc ! avimux ! filesink location=test.avi
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in test.avi -out test.avi.enc
gst-launch-1.0 filesrc location=test.avi.enc ! crypto mode=dec ! queue ! avidemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
Encoding/Decoding Livestream Pipelines
GStreamer 1.0
- TS - Encrypting Camera livestream with GstCrypto to a file
gst-launch-1.0 -e v4l2src device=/dev/video0 ! queue ! x264enc ! queue ! h264parse ! mpegtsmux ! queue ! rndbuffersize min=4096 max=4096 ! crypto mode=enc ! filesink location=live.ts.enc
- TS - Decrypt encoded file from the camera livestream
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsdemux ! h264parse ! avdec_h264 ! queue ! xvimagesink
- TS - Decrypt encoded file to a video file
gst-launch-1.0 filesrc location=live.ts.enc blocksize=4096 ! crypto mode=dec ! queue ! tsparse ! queue ! filesink location=live.ts sync=false
Encoding/Decoding Udpstream
GStreamer 1.0
H264 + Transport Stream
- Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! x264enc ! h264parse ! mpegtsmux ! tsparse ! rndbuffersize min=4096 max=4096 ! queue ! crypto mode=enc ! queue ! udpsink port=5000
- Receiver: Decrypt to a file
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec ! queue ! tsparse ! queue ! filesink location=udpstream.ts
- Receiver: Save encrypted udpstream
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! filesink location=udpstream.ts.enc
Jpeg
- Server
gst-launch-1.0 videotestsrc is-live=true pattern=ball ! jpegenc ! queue ! rndbuffersize min=4096 max=4096 ! queue ! crypto mode=enc ! queue ! udpsink port=5000
- Receiver: Decrypt to a display
gst-launch-1.0 udpsrc port=5000 buffer-size=4096 ! queue ! crypto mode=dec ! queue ! jpegparse ! jpegdec ! queue ! xvimagesink sync=false
Encoding/Decoding on the Fly
GStreamer 1.0
- Encoding, decoding and sending output to display in one pipeline
gst-launch-1.0 videotestsrc is-live=true num-buffers=300 ! "video/x-raw,width=(int)1280,height=(int)720,framerate=(fraction)30/1" ! jpegenc ! queue ! rndbuffersize min=4096 max=4096 ! crypto mode=enc ! queue ! crypto mode=dec ! jpegparse ! jpegdec ! xvimagesink
Using Crypto Hardware Acceleration
Crypto Hardware Acceleration can be used transparently with the plugin and can be configured independently.
There are some considerations to take into account:
- Does the MCU include a hardware crypto unit (e.g. CAAM on i.MX6)?
- Which setup would result in a performance gain (e.g. data block size on i.MX6)?
- Is the cipher to be used supported by the hardware crypto unit and the kernel driver?
- Is the kernel driver implemented efficiently?
Please check RidgeRun's GstCrypto Git Repository
Test pipelines for release2.0
Raw data file
Encode
gst-launch-1.0 filesrc location=small-file.file ! crypto mode=enc ! filesink location=small-file.file.enc
Decode
gst-launch-1.0 filesrc location=small-file.file.enc ! crypto mode=dec ! filesink location=output.dec
Note: tested with a 1-byte file. The content was verified before and after the encode/decode cycle, and the data was not affected by the process.
Big Buck Bunny avi file
Encode file with gst-crypto
gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi ! crypto mode=enc ! filesink location=big_buck_bunny_1080p_surround.avi.enc
Decode and display
gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi.enc blocksize=4096 ! crypto mode=dec ! queue ! avidemux ! avdec_mpeg4 ! xvimagesink
Encoding with openssl
Decoding also works when openssl is used for encoding.
Encode with openssl
openssl enc -k RidgeRun -nosalt -aes-128-cbc -in big_buck_bunny_1080p_surround.avi -out openssl-enc-big_buck_bunny_1080p_surround.avi.enc
Decode and display
gst-launch-1.0 filesrc location=openssl-enc-big_buck_bunny_1080p_surround.avi.enc blocksize=4096 ! crypto mode=dec ! queue ! avidemux ! avdec_mpeg4 ! xvimagesink
Audio/video decode file
Note: this pipeline can be optimized; it is just for testing.
GST_DEBUG=3 gst-launch-1.0 filesrc location=big_buck_bunny_1080p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux name=demux demux.video_0 ! 'video/mpeg, mpegversion=(int)4' ! queue ! avdec_mpeg4 ! xvimagesink async=false demux.audio_0 ! queue ! decodebin ! audioconvert ! alsasink async=false
iMX6 example pipelines
Tested on iMX6 Nitrogen6x board with RidgeRun SDK:
Avi decrypt and playback
gst-launch-1.0 filesrc location=/mnt/big_buck_bunny_1080p_surround.avi.enc ! crypto mode=dec ! queue ! avidemux name=demux demux.video_0 ! 'video/mpeg, mpegversion=(int)4' ! queue ! vpudec ! imxv4l2sink name=videosink device=/dev/video17 async=false
iMX6 transport stream
gst-launch-1.0 filesrc location=/mnt/test.ts.enc ! crypto mode=dec ! queue ! tsdemux ! vpudec ! imxv4l2sink name=videosink device=/dev/video17 async=false