How to encrypt the ffmpeg output when generating video chunks?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












1















I can openssl encrypt a ffmpeg video stream with



 ffmpeg -i video1.mp4-video1.mp4.mp4 -f ogg - | 
openssl enc -des3 > outptu.ogg.des3


Which strategy would you use to encrypt the ffmpeg output when generating chunks (say of given duration) given by the command:



ffmpeg -f video4linux2 -s vga -i /dev/video0 -f segment -segment_time 1
-strftime 1 '%Y-%m-%d_%H-%M-%S.ts'


I need to have %Y-%m-%d_%H-%M-%S.ts.des3 instead of %Y-%m-%d_%H-%M-%S.ts



I would love using a name pipe, but it means I have to detect file headers and footers of each chunks generated by ffmpeg.



I guess the straightest solution is to run a background script that encrypt automatically new detected files.










share|improve this question


























    1















    I can openssl encrypt a ffmpeg video stream with



     ffmpeg -i video1.mp4-video1.mp4.mp4 -f ogg - | 
    openssl enc -des3 > outptu.ogg.des3


    Which strategy would you use to encrypt the ffmpeg output when generating chunks (say of given duration) given by the command:



    ffmpeg -f video4linux2 -s vga -i /dev/video0 -f segment -segment_time 1
    -strftime 1 '%Y-%m-%d_%H-%M-%S.ts'


    I need to have %Y-%m-%d_%H-%M-%S.ts.des3 instead of %Y-%m-%d_%H-%M-%S.ts



    I would love using a name pipe, but it means I have to detect file headers and footers of each chunks generated by ffmpeg.



    I guess the straightest solution is to run a background script that encrypt automatically new detected files.










    share|improve this question
























      1












      1








      1








      I can openssl encrypt a ffmpeg video stream with



       ffmpeg -i video1.mp4-video1.mp4.mp4 -f ogg - | 
      openssl enc -des3 > outptu.ogg.des3


      Which strategy would you use to encrypt the ffmpeg output when generating chunks (say of given duration) given by the command:



      ffmpeg -f video4linux2 -s vga -i /dev/video0 -f segment -segment_time 1
      -strftime 1 '%Y-%m-%d_%H-%M-%S.ts'


      I need to have %Y-%m-%d_%H-%M-%S.ts.des3 instead of %Y-%m-%d_%H-%M-%S.ts



      I would love using a name pipe, but it means I have to detect file headers and footers of each chunks generated by ffmpeg.



      I guess the straightest solution is to run a background script that encrypt automatically new detected files.










      share|improve this question














      I can openssl encrypt a ffmpeg video stream with



       ffmpeg -i video1.mp4-video1.mp4.mp4 -f ogg - | 
      openssl enc -des3 > outptu.ogg.des3


      Which strategy would you use to encrypt the ffmpeg output when generating chunks (say of given duration) given by the command:



      ffmpeg -f video4linux2 -s vga -i /dev/video0 -f segment -segment_time 1
      -strftime 1 '%Y-%m-%d_%H-%M-%S.ts'


      I need to have %Y-%m-%d_%H-%M-%S.ts.des3 instead of %Y-%m-%d_%H-%M-%S.ts



      I would love using a name pipe, but it means I have to detect file headers and footers of each chunks generated by ffmpeg.



      I guess the straightest solution is to run a background script that encrypt automatically new detected files.







      files pipe encryption openssl ffmpeg






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 15 '16 at 16:52









      user123456user123456

      1,51421538




      1,51421538




















          1 Answer
          1






          active

          oldest

          votes


















          0














          You are using the wrong tool for the job. Instead of piping the output into OpenSSL, write the output to a file which is located on an encrypted filesystem. Encrypted filesystems are designed for random access, file encryption tools such as openssl enc rarely are.



          Furthermore openssl enc is bad crypto and should never be used. You're using DES3, which while still legally admissible by some standards is strongly deprecated in favor of AES. And the worst bit is that the way openssl derives a key from a password is ridiculously bad — it doesn't use a proper key stretching function, so brute-forcing through passwords is easy. Using the openssl command line tool for encryption is hard to do right and is never the best tool for the job. Just forget that openssl exists and use proper tools for the job, e.g. LUKS for full disk encryption, Ecryptfs for home directory encryption, gpg or 7z for per-file encryption. Even EncFS to mount an encrypted directory, while flawed, is a lot less broken than openssl.






          share|improve this answer






















            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f330667%2fhow-to-encrypt-the-ffmpeg-output-when-generating-video-chunks%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            You are using the wrong tool for the job. Instead of piping the output into OpenSSL, write the output to a file which is located on an encrypted filesystem. Encrypted filesystems are designed for random access, file encryption tools such as openssl enc rarely are.



            Furthermore openssl enc is bad crypto and should never be used. You're using DES3, which while still legally admissible by some standards is strongly deprecated in favor of AES. And the worst bit is that the way openssl derives a key from a password is ridiculously bad — it doesn't use a proper key stretching function, so brute-forcing through passwords is easy. Using the openssl command line tool for encryption is hard to do right and is never the best tool for the job. Just forget that openssl exists and use proper tools for the job, e.g. LUKS for full disk encryption, Ecryptfs for home directory encryption, gpg or 7z for per-file encryption. Even EncFS to mount an encrypted directory, while flawed, is a lot less broken than openssl.






            share|improve this answer



























              0














              You are using the wrong tool for the job. Instead of piping the output into OpenSSL, write the output to a file which is located on an encrypted filesystem. Encrypted filesystems are designed for random access, file encryption tools such as openssl enc rarely are.



              Furthermore openssl enc is bad crypto and should never be used. You're using DES3, which while still legally admissible by some standards is strongly deprecated in favor of AES. And the worst bit is that the way openssl derives a key from a password is ridiculously bad — it doesn't use a proper key stretching function, so brute-forcing through passwords is easy. Using the openssl command line tool for encryption is hard to do right and is never the best tool for the job. Just forget that openssl exists and use proper tools for the job, e.g. LUKS for full disk encryption, Ecryptfs for home directory encryption, gpg or 7z for per-file encryption. Even EncFS to mount an encrypted directory, while flawed, is a lot less broken than openssl.






              share|improve this answer

























                0












                0








                0







                You are using the wrong tool for the job. Instead of piping the output into OpenSSL, write the output to a file which is located on an encrypted filesystem. Encrypted filesystems are designed for random access, file encryption tools such as openssl enc rarely are.



                Furthermore openssl enc is bad crypto and should never be used. You're using DES3, which while still legally admissible by some standards is strongly deprecated in favor of AES. And the worst bit is that the way openssl derives a key from a password is ridiculously bad — it doesn't use a proper key stretching function, so brute-forcing through passwords is easy. Using the openssl command line tool for encryption is hard to do right and is never the best tool for the job. Just forget that openssl exists and use proper tools for the job, e.g. LUKS for full disk encryption, Ecryptfs for home directory encryption, gpg or 7z for per-file encryption. Even EncFS to mount an encrypted directory, while flawed, is a lot less broken than openssl.






                share|improve this answer













                You are using the wrong tool for the job. Instead of piping the output into OpenSSL, write the output to a file which is located on an encrypted filesystem. Encrypted filesystems are designed for random access, file encryption tools such as openssl enc rarely are.



                Furthermore openssl enc is bad crypto and should never be used. You're using DES3, which while still legally admissible by some standards is strongly deprecated in favor of AES. And the worst bit is that the way openssl derives a key from a password is ridiculously bad — it doesn't use a proper key stretching function, so brute-forcing through passwords is easy. Using the openssl command line tool for encryption is hard to do right and is never the best tool for the job. Just forget that openssl exists and use proper tools for the job, e.g. LUKS for full disk encryption, Ecryptfs for home directory encryption, gpg or 7z for per-file encryption. Even EncFS to mount an encrypted directory, while flawed, is a lot less broken than openssl.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 27 '16 at 0:19









                GillesGilles

                538k12810881605




                538k12810881605



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f330667%2fhow-to-encrypt-the-ffmpeg-output-when-generating-video-chunks%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown






                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?