[Libav-user] My idea towards the digital signature authorization
Hi, dear ffmpeg developer and user,
Good evening, I want to talk something about my idea toward putting some functions in the digital signature authorization in the ffmpeg.
My idea in a nutshell:
1. The normal situation is: When the ffmpeg decode the video content, the full video will become little segments, and the ffmpeg send those segments in some sort of rtmp server, (like the nginx server) and the ffplayer got the address of the rtmp and play the video.
2. So what if there is some hacker that know the address of your rtmp server,( I am not talking about rtmps, I am talking about if the hacker knows how to get into the rtmps.) and they use their ffmpeg to send a video to your server, so there will be a mess, you will maybe play some dangerous, sensitive or bad content.
So my idea of this problem is:
First, generate two random digital key, one public key, one private key. Using RSA key algorithm (which I already did).
Second, use the private key that we have, to sign each single one of the little segments, before they arrived the rtmp server.
Third, when it streaming, use the RSA public key to verify the segments, if verified ok, then play, if there is one that cannot fulfill the verification, then stop streaming.
So, I have some questions towards this, I am just a random computer science junior student, I do this for my research, I have no experiences with this questions.
First, where can I access the video segment file folder? Because I want to sign them using binary sign by loop, so when I know the video-1.m4s(mp4), so I can sign the video-100(mp4).
Second, where I should make this process smooth? In the normal situation, the segment they were send to the server, how can I send the video segments after signing, to the server?
Third, it seems very complicated if I want to add this functions in the command line, for instance, I need to add a command called -sign, and actually if I want to do all this at once, I will have a -verify function at the same time, so, I actually don't have to do anything with the server end, all I have to do is configure the ffmpeg? Because those command when they send to a server, they already start streaming, right? so I cannot do anything others in the server? or the ffplayer?
I would thank very much if some one can give me some suggestions on this, because I have confused about this for a long time.