HLS Dynamic Encryption with AES 128 & Safari Support

In the documentation ( http://msdn.microsoft.com/library/azure/dn783457.aspx/ ),
to play the video, it says client need to "Request the key from the key delivery service" .
But I don't know how to add Authorization header when Safari requests to key service URI.
How can I add some headers to key request? or Is there other solutions to play?

Hi,
If you are using Token-authentication for Safari native playback, it is not so straightforward to put in Token in the authentication header. We are not yet supporting it yet. However, if you use Open Auth, Safari can play back AES encrypted HLS natively
without any extra step.
I will keep you posted on the solution.
Cheers,
Mingfei Yan

Similar Messages

CF9 Encrypt with AES 256-bit, example anyone?

Hi there. I'm looking for a working example of the Encrypt method using the AES 256 bit key. I think that I have the Unlimited Strength Jurisdiction Policy Files enabled. And I'm still getting the CFError,
The key specified is not a valid key for this encryption: Illegal key size.
Now i hit the wall, can't get it. What wrong am i doing? How can I verify that the policy files are installed and accessible to my cf file? Any help is greatly appreciated.
<cfset thePlainText = "Is this working for me?" />
Generate Secret Key (128): <cfset AES128 = "#generatesecretkey('AES',128)#" /> <cfdump var="#AES128#"> 
Generate Secret Key (192): <cfset AES192 = "#generatesecretkey('AES',192)#" /> <cfdump var="#AES192#"> 
Generate Secret Key (256): <cfset AES256 = "#generatesecretkey('AES',256)#" /> <cfdump var="#AES256#"> 
<cfset theKey = AES256 />
<cfset theAlgorithm = "AES/CBC/PKCS5Padding" />
<cfset theEncoding = "base64" />
<cfset theIV = BinaryDecode("6d795465737449566f7253616c7431323538704c6173745f", "hex") />
<cfset encryptedString = encrypt(thePlainText, theKey, theAlgorithm, theEncoding, theIV) />

<cfset keyLengthInBits = arrayLen(BinaryDecode(theKey, "base64")) * 8 />
<cfset ivLengthInBits = arrayLen(theIV) * 8 />
<cfdump var="#variables#" label="AES/CBC/PKCS5Padding Results" />
<cfabort>

Verison 10 is different from 9 because they run on different servlet containers. CF 10 uses Tomcat, CF 9 uses JRun, so things are in different places.
\\ColdFusion10\jre\lib\security seems like the correct locaiton for the policy files to me. I actually gave you the wrong locations in my original post (sorry about that). According to the installation instructions they belong in <java-home>\lib\security, which is looks like you've found.
So something else is wrong. Here are some things to look at, in no particular order:
1. Are you using a JVM other than the Java 1.6 that comes with CF10?
2. Did you restart Tomcat after coping the files in?
3. Note that I keep saying FILES, did you copy BOTH of th .jar files from the JCE folder you unzipped into the security directory. It should have prompted you to overwrite existing files.
4. Did you try unzipping the files and copying them in again, on the chance that they did not overwrite the originals?
Sorry, I don't have CF10 installed to give this a try. But I have no reason to believe that it would not work in 10. It's all just JCA/JCE on the underlying JAVA, and I have heard no reports from anyone else that it doesn't work.
Jason

How to create SecretKey for AES 128 Encryption based on user's password??

I have written a below program to encrypt a file with AES 128 algorithm. This code works fine. It does encrypt and decrypt file successfully..
Here in this code I am generating SecretKey in the main() method with the use of key generator. But can anybody please tell me how can I generate SecretKey based on user's password?
Thanks in Advance,
Jenish
import java.io.InputStream;
import java.io.OutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectInputStream;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import java.security.spec.AlgorithmParameterSpec;
public class AESEncrypter
     Cipher ecipher;
     Cipher dcipher;
     public AESEncrypter(SecretKey key)
          // Create an 8-byte initialization vector
          byte[] iv = new byte[]
               0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
          AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
          try
               ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
               dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
               // CBC requires an initialization vector
               ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
               dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
          catch (Exception e)
               e.printStackTrace();
     // Buffer used to transport the bytes from one stream to another
     byte[] buf = new byte[1024];
     public void encrypt(InputStream in, OutputStream out)
          try
               // Bytes written to out will be encrypted
               out = new CipherOutputStream(out, ecipher);
               // Read in the cleartext bytes and write to out to encrypt
               int numRead = 0;
               while ((numRead = in.read(buf)) >= 0)
                    out.write(buf, 0, numRead);
               out.close();
          catch (java.io.IOException e)
     public void decrypt(InputStream in, OutputStream out)
          try
               // Bytes read from in will be decrypted
               in = new CipherInputStream(in, dcipher);
               // Read in the decrypted bytes and write the cleartext to out
               int numRead = 0;
               while ((numRead = in.read(buf)) >= 0)
                    out.write(buf, 0, numRead);
               out.close();
          catch (java.io.IOException e)
     public static void main(String args[])
          try
               // Generate a temporary key. In practice, you would save this key.
               // See also e464 Encrypting with DES Using a Pass Phrase.
               KeyGenerator     kgen     =     KeyGenerator.getInstance("AES");
               kgen.init(128);
               SecretKey key               =     kgen.generateKey();
               // Create encrypter/decrypter class
               AESEncrypter encrypter = new AESEncrypter(key);
               // Encrypt
               encrypter.encrypt(new FileInputStream("E:\\keeper.txt"),new FileOutputStream("E:\\Encrypted.txt"));
               // Decrypt
               encrypter.decrypt(new FileInputStream("E:\\keeper.txt"),new FileOutputStream("E:\\Decrypted.txt"));
          catch (Exception e)
               e.printStackTrace();
}

sabre150 wrote:
[PKCS12|http://www.rsa.com/rsalabs/node.asp?id=2138]
[PKCS5|http://www.rsa.com/rsalabs/node.asp?id=2127] , no?
In Java, you can use the [Password-based encryption PBE Cipher classes|http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#PBEEx] . I think you'll need the bouncycastle provider to get AES-based PBE ciphers.

Cryptsetup: Swap encryption with supend-to-disk doesn't work

Hello Community,
i'm trying to get swap encryption with suspend-to-disk support to a working state.
On my system only the /home partition is encrypted with cryptsetup-LUKS.
I'm using the howto on "Using a swap file" (with /home/swapfile as swap file) in the wiki: https://wiki.archlinux.org/index.php/Dm … sk_support
I followed exactly the given instructions:
From /etc/mkinitcpio.conf
HOOKS="base udev autodetect encrypt block resume filesystems keymap fsck"
From /etc/default/grub
GRUB_CMDLINE_LINUX="pcie_aspm=force pcie_aspm.policy=powersave pcie_port=native ipv6.disable=1 init=/usr/lib/systemd/systemd resume=/dev/mapper/crypthome resume_offset=16721572"
From /etc/fstab:
/home/swapfile none swap defaults 0 0
The swapfile is working. Suspend-to-disk also works. But when resuming, I always get:
ERROR: failed to open encryption mapping
The device UUID=... is not a LUKS volume and the crypto= parameter was not specified
running hook [resume]
Waiting 10 seconds for /dev/mapper/crypthome
ERROR: resume: hibernation device /dev/mapper/crypthome not found
Then the system recovers the filesystem of / and later after the passphrase input of /dev/mapper/home it is forced to recover the filesystem of /home.
Shouldn't I get a passphrase input when running the [resume] hook?
Where is the problem I have missed?
Thanks in advance!
Last edited by indianahorst (2014-01-23 17:39:31)

ball wrote:It seems that you've specified your home partition for the resume parameter, that is wrong. It should be the swap partition: https://wiki.archlinux.org/index.php/Su … parameters
No. Have you read my posting completely?
I don't use a swap partition. I'm using a Swapfile on my encrypted home partition. See the link in the first posting and go to "Using a swap file".

Can I recover an AES-128 encrypted disk image from the 'trash'?

I am a college student and I created an AES-128 encrypted disk image file (.dmg, .sparseimage) to store all my assignments and things. Unfortunately, while cleaning out my computer, I accidentally put the file in the trash without noticing and then proceeded to empty the trash. I then turned to the application 'MacKeeper' and used it's 'undelete' function but I could not find the file. It is very very important that I recover this file. I desperately need help.

You might have better luck with something stronger.....
http://www.macupdate.com/app/mac/10259/data-rescue
....I have not used it....(lucky)

Does Safari support a interactive PDF with hidden layers? I'm on version 5.0.3 and the interactive PDF displays just fine, but our web development team tells me all the layers display when they view the same PDF on Safari.

Does Safari support interactive PDFs with layers? Through the use of hidden layers and buttons we built in interactivity that allows the viewers to click on buttons to display different content. When I view the PDF in Safari 5.0.3 on my Mac OS 10.5.8 the PDF displays fine and the interactivity works. However our web design firm tell me the PDF displays all the hidden layers when they view it in Safari. Who's right?

Try updating your Safari to the latest version, 5.0.5.
Also check whether the rest of your system is up to date by going to Software Update in the Apple menu.

Does Adobe Reader for iOS and Android Support Encryption with PKI Solution?

Hello there,
I have been searching for an answer whether or not Adobe Reader for iOS and Android can read encrypted PDF files by public key infrastructure solution (encrypted by a public key, to be decrypted by its private key pair), but to date I have not found the answer. From the Adobe web site, I understand that Adobe Reader for Android supports to read encrypted document by AES256 but it does not mention about PKI. I had to guess that it does not support encryption with PKI but I would just like to get a formal answer, and would like to know whether Adobe Reader Mobile will support it.
Thanks!
Masaya

Hi there,
Now we have Acrobat DC Mobile but I am still wondering if encryption/description using PKI solution (digital certificates) is supported. Could anyone let me know? Thank you.
Masaya

After encrypting with filevault 2 on mountain lion, safari is extremely slow

after encrypting with filevault2 on mountain lion, safari is running extremely slow.
it's taking more than 45 seconds (sometimes a full minute) to load pages.
my internet speeds are 35 mbps download and 6.35 mpbs upload, so it's not my internet connection.
i have deleted the cache files and the system preferences.
i'm finding that chrome is faster, but i'm seeing slowness there too.
in encrypted using filevault 2.0 yesterday, all software is up to date.
can anyone please help me with this? i don't want to have to turn off filevault.
thanks!

Problems such as yours are sometimes caused by files that should belong to you but are locked or have a wrong owner. This procedure will check for such files. It makes no changes and therefore will not, in itself, solve your problem.
Launch the Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the page that opens.
Triple-click anywhere in the line below to select it, then drag or copy it — do not type — into the Terminal window:
find . $TMPDIR.. $ -flags +sappnd,schg,uappnd,uchg -o ! -user $UID $ -ls
Press return. The command may take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear.
Post any lines of output that appear below what you entered — the text, please, not a screenshot.
If any personal information appears in the output, edit before posting, but don’t remove the context.

WPA2 network authentication with AES Data Encryption

I have tried unsuccessfully to connect with my university's network....they are running WPA2 with AES data encryption....authentication is Protected EAP (PEAP). Any ideas of the iPhone can connect to something like this?

You've confirmed my suspicion. We use WPA2-Personal with AES Encryption as well and I just discovered after having bought my iPhone last night, that it will not connect. And yet every other WiFi device I own, including two Windows computers have no issue connecting to the same Access Point. Obviously the issue is with the iPhone and now I'll have to contact Apple to learn how the intend to resolve it.

No connection to Aironet 1602i Autonomous while using WPA2 Mandatory PSK with AES encryption

Hello,
I got a Cisco Aironet 1602i with Firmware 15.2.4-JB5. I have configured it to Broadcast a single SSID with Mandatory WPA2 PSK. The Encryption is set to AES CCMP. If I connect to the Network with three different Windows 8.1 Notebooks they will connect and authenticate, but the connection does not work. In fact, the notebook doesn't even receive an IP adress from my DHCP Server. Strange thing is, that the DHCP knows the notebook is there and assigns an IP, but the notebook doesn't receive it. If I assign static IP Adresses to the notebooks network cards, there is still no traffic going through. My mobile phone & my ebook reader work fine. They are listed as "unknown" clients in the Associations tab" but the network works on these devices. If I set the encryption to AES CCMP + TKIP the notebooks will connect (using TKIP) and everything works fine. I have used the Accesspoint with the same configuration for about one year. It suddenly stopped working three days ago. I have already reset the configuration (using write default-config) and reinstalled the firmware. I have set the configuration manually afterwards (doesn't matte if using webinterface or CLI) but the problem remains unsolved.
Help please :D

Hello again,
the Problem is not that the Intel utility takes too much time, but that the notebooks seem to Connect but dont communicate at all if using the Windows integrated connection manager.
I would prefer not to use the Intel utility at all, but to install the driver alone and use the Windows connection manager. I'm using a cheap access point of another brand at the moment and the problem does not exist there. With the same security settings.
I would like to use the Cisco AP again because range and data throughput are better.
Did I understand correctly that noone else has reported a similar Problem ?

Does Safari support Automatic Proxy Configuration with a .wpad file?

Hello,
I was wondering if anyone knows whether Safari supports Automatic Proxy Configuration with a .wpad file?
Morgan

HI Morgan ..
Safari is extremely finicky about proxies and according to Wikipedia it dates back to older browser versions.
http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

Encryption "none" or AES-128

When duplicating a dvd, Disk Utility asks me to choose from 2 encryption options: "none" or "AES-128 (recommended)". If the latter is recommended, why isn't it the default. I chose "none". What did I lose/give up by not choosing the AES-128 option? thanks

Turning on encryption for a disk image makes it difficult for the image to be accessed by someone who doesn't know the password. If you burn the image's contents to a DVD just after making it, the encryption method used won't matter, and will only slow down the process because the data needs to be decrypted during the burn.
(11205)

Encrypt/decrypt AES 256, vorsalt error

Hiyas.
So I'm trying to get encrypt/decrypt to work for AES 256, with both 32byte key and 32byte IVorSalt. (Yup-new java security files v6 installed)
'IF' I 32byte key but dont use a IV at all, I get a nice looking AES 256 result. (I can tell it's AES 256 by looking the length of the encrypted string)
'IF' I use a 32byte key and 16bit salt, I get a AES 128 result (I know- as per docs theyre both s'posed to the same size, but the docs are wrong).
But when i switch to using both a 32byte key AND a 32byte salt I get the error below.
An error occurred while trying to encrypt or decrypt your input string: Bad parameters: invalid IvParameterSpec: com.rsa.jsafe.crypto.JSAFE_IVException: Invalid IV length. Should be 16.
Has anyone 'EVER' gotten encrypt to work for them using AES 256 32byte key and 32byte salt? Is this a bug in CF? Or Java? Or I am doing something wrong?

<cfset theAlgorithm = "Rijndael/CBC/PKCS5Padding" />
<cfset gKey = "hzj+1o52d9N04JRsj3vTu09Q8jcX+fNmeyQZSDlZA5w=">

<cfset theIV = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b","hex")>

<cffunction name="DoEncrypt" access="public" returntype="string" hint="Fires when the application is first created.">
 <cfargument name="szToEncrypt" type="string" required="true"/>
 <cfset secretkey = gKey>
 <cfset szReturn=encrypt(szToEncrypt, secretkey, theAlgorithm, "Base64", theIV)>
 <cfreturn szReturn>
</cffunction>
<cffunction name="DoDecrypt" access="public" returntype="string" hint="Fires when the application is first created.">
 <cfargument name="szToDecrypt" type="string" required="true"/>
 <cfset secretkey = gKey>
 <cfset szReturn=decrypt(szToDecrypt, secretkey, theAlgorithm, "Base64",theIV)>
 <cfreturn szReturn>
</cffunction>
<cfset szStart = form["toencrypt"]>
<cfset szStart = "Test me!">
<cfset szEnc = DoEncrypt(szStart)>
<cfset szDec = DoDecrypt(szEnc)>
<cfoutput>#szEnc# #szDec#</cfoutput>

Hi edevmachine,
This Bouncy Castle Encryption CFC supports Rijndael w/ 256-bit block size. (big thanks to Jason here and all who helped w/ that, btw!)
Example:
<cfscript>
BouncyCastleCFC = new path.to.BouncyCastle();
string = "ColdFusion Rocks!";
key = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd key
ivSalt = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd ivSalt
encrypted = BouncyCastleCFC.doEncrypt(string, key, ivSalt);
writeOutput(BouncyCastleCFC.doDecrypt(encrypted, key, ivSalt));
</cfscript>
Related links for anyone interested in adding 256-bit block size Rijndael support into ColdFusion:
- An explanation of how to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into ColdFusion
- An explanation of how to install the Bouncy Castle Crypto package into ColdFusion (near bottom, under the "Installing additional security providers" heading)
- An explanation of how to connect the Bouncy Castle classes together
- Bouncy Castle's doc for the Rijndael Engine
And here is the full CFC as posted in the StackOverflow discussion:
<cfcomponent displayname="Bounce Castle Encryption Component" hint="This provides bouncy castle encryption services" output="false">
<cffunction name="createRijndaelBlockCipher" access="private">
 <cfargument name="key" type="string" required="true" >
 <cfargument name="ivSalt" type="string" required="true" >
 <cfargument name="bEncrypt" type="boolean" required="false" default="1">
 <cfargument name="blocksize" type="numeric" required="false" default=256>
 <cfscript>
 // Create a block cipher for Rijndael
 var cryptEngine = createObject("java", "org.bouncycastle.crypto.engines.RijndaelEngine").init(arguments.blocksize);
 // Create a Block Cipher in CBC mode
 var blockCipher = createObject("java", "org.bouncycastle.crypto.modes.CBCBlockCipher").init(cryptEngine);
 // Create Padding - Zero Byte Padding is apparently PHP compatible.
 var zbPadding = CreateObject('java', 'org.bouncycastle.crypto.paddings.ZeroBytePadding').init();
 // Create a JCE Cipher from the Block Cipher
 var cipher = createObject("java", "org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher").init(blockCipher,zbPadding);
 // Create the key params for the cipher
 var binkey = binarydecode(arguments.key,"hex");
 var keyParams = createObject("java", "org.bouncycastle.crypto.params.KeyParameter").init(BinKey);
 var binIVSalt = Binarydecode(ivSalt,"hex");
 var ivParams = createObject("java", "org.bouncycastle.crypto.params.ParametersWithIV").init(keyParams, binIVSalt);
 cipher.init(javaCast("boolean",arguments.bEncrypt),ivParams);
 return cipher;
 </cfscript>
</cffunction>
<cffunction name="doEncrypt" access="public" returntype="string">
 <cfargument name="message" type="string" required="true">
 <cfargument name="key" type="string" required="true">
 <cfargument name="ivSalt" type="string" required="true">
 <cfscript>
 var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt);
 var byteMessage = arguments.message.getBytes();
 var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
 var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
 var cipherText = cipher.doFinal(outArray,bufferLength);
 return toBase64(outArray);
 </cfscript>
</cffunction>
<cffunction name="doDecrypt" access="public" returntype="string">
 <cfargument name="message" type="string" required="true">
 <cfargument name="key" type="string" required="true">
 <cfargument name="ivSalt" type="string" required="true">
 <cfscript>
 var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt,bEncrypt=false);
 var byteMessage = toBinary(arguments.message);
 var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
 var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
 var originalText = cipher.doFinal(outArray,bufferLength);
 return createObject("java", "java.lang.String").init(outArray);
 </cfscript>
</cffunction>
<cfscript>
function getByteArray(someLength)
 byteClass = createObject("java", "java.lang.Byte").TYPE;
 return createObject("java","java.lang.reflect.Array").newInstance(byteClass, someLength);
</cfscript>
</cfcomponent>
Thanks!,
-Aaron

How do I prioritize 256 bit encryption over the 128 bit variant?

Hello folks,
been using the fox for ages now. Thanks for the fine product :) .
Up to now I also never had a problem I couldn't find a solution for, but strangely enough, that one gets me, since I seem to be unable to find an option allowing me to deactivate the 128 bit variant of encryption.
The bank whose homepage it concerns already told me that they are offering it, and there was this nice add on that allowed me to deavtivate the rc4 protocol, but I just don't get from AES 128 to AES 256 wich I just like a banking site to have...
Any solution would be much appreciated, thanks in advance.

You can set all 128 bit SSL3 prefs to false on the about:config page to force using stronger ciphers.
Filter: ssl3*128
To open the about:config page, type about:config in the location (address) bar and press the "Enter" key, just like you type the url of a website to open a website. 
If you see a warning then you can confirm that you want to access that page. 
*Use the Filter bar at to top of the about:config page to locate a preference more easily.
*Preferences that have been modified show as bold (user set).
*Preferences can be reset to the default via the right-click context menu if they are user set
*Preferences can be changed via the right-click context menu: Modify (String or Integer) or Toggle (Boolean)
Some websites with old software may require to temporarily set security.ssl3.rsa_rc4_128_md5 to true if you get a cipher overlap error.

Firewall with AES Authentication?

Hello,
We are looking for a firewall that supports IPSec VPN with AES As authentication, referring to the following url:
http://www.ietf.org/rfc/rfc3566.txt
Note that it is not AES as encryption we are looking for, its AES as authentication.
Is there any Cisco firewall that supports this?
Best regards

Can someone explain me (step by stet) how to configure
a firewall with X86 solaris
what software ?
but without using sunscreen .
where to download them ?
Well, not much to say: http://coombs.anu.edu.au/~avalon/

HLS Dynamic Encryption with AES 128 & Safari Support

Similar Messages

Maybe you are looking for