How to encrypt the ffmpeg output when generating video chunks?

I can openssl encrypt an ffmpeg video stream with

    ffmpeg -i video1.mp4-video1.mp4.mp4 -f ogg - |
    openssl enc -des3 > outptu.ogg.des3

Which strategy would you use to encrypt the ffmpeg output when generating chunks (say, of a given duration) with the command:

    ffmpeg -f video4linux2 -s vga -i /dev/video0 -f segment -segment_time 1 \
    -strftime 1 '%Y-%m-%d_%H-%M-%S.ts'

I need to have %Y-%m-%d_%H-%M-%S.ts.des3 instead of %Y-%m-%d_%H-%M-%S.ts

I would love to use a named pipe, but it means I have to detect the file headers and footers of each chunk generated by ffmpeg.

I guess the straightest solution is to run a background script that automatically encrypts newly detected files.
      files pipe encryption openssl ffmpeg






asked Dec 15 '16 at 16:52
user123456

          1 Answer
          You are using the wrong tool for the job. Instead of piping the output into OpenSSL, write the output to a file which is located on an encrypted filesystem. Encrypted filesystems are designed for random access; file encryption tools such as openssl enc rarely are.



          Furthermore openssl enc is bad crypto and should never be used. You're using DES3, which while still legally admissible by some standards is strongly deprecated in favor of AES. And the worst bit is that the way openssl derives a key from a password is ridiculously bad — it doesn't use a proper key stretching function, so brute-forcing through passwords is easy. Using the openssl command line tool for encryption is hard to do right and is never the best tool for the job. Just forget that openssl exists and use proper tools for the job, e.g. LUKS for full disk encryption, Ecryptfs for home directory encryption, gpg or 7z for per-file encryption. Even EncFS to mount an encrypted directory, while flawed, is a lot less broken than openssl.






          answered Dec 27 '16 at 0:19
          Gilles
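
One way to build the background script the question proposes, using gpg, which the answer names for per-file encryption. This is an added example, not code from either post; the recipient key ID, the `.gpg` suffix and the function names are assumptions.

```shell
#!/bin/sh
# Added example: encrypt finished ffmpeg segments with gpg public-key encryption.
# Assumptions: segments are named %Y-%m-%d_%H-%M-%S.ts (so glob order is
# chronological) and RECIPIENT is a key already present in the local keyring.
RECIPIENT="${RECIPIENT:-capture@example.invalid}"   # hypothetical key ID

# Encrypt $1 into $2 with the recipient's public key. Only the public key
# lives on the capture host, so no password-derived key is involved.
encrypt_file() {
    gpg --batch --yes --trust-model always \
        --recipient "$RECIPIENT" --output "$2" --encrypt "$1"
}

# Encrypt every *.ts in directory $1 except the newest one, which ffmpeg may
# still be writing. Prints the number of segments encrypted in this pass.
encrypt_finished_segments() {
    dir=$1 count=0 prev=""
    for f in "$dir"/*.ts; do
        [ -e "$f" ] || continue          # glob matched nothing
        if [ -n "$prev" ]; then
            tmp="$prev.gpg.part"
            # Write under a temporary name, then rename, so no reader sees a
            # half-written .gpg file; delete the plaintext only on success.
            if encrypt_file "$prev" "$tmp" && mv "$tmp" "$prev.gpg"; then
                rm -f "$prev"
                count=$((count + 1))
            else
                rm -f "$tmp"
            fi
        fi
        prev=$f
    done
    echo "$count"
}

# Poll once per second when run as: script.sh --watch /path/to/segments
if [ "${1:-}" = "--watch" ]; then
    while :; do
        encrypt_finished_segments "$2" >/dev/null
        sleep 1
    done
fi
```

Each segment still exists as plaintext until its successor appears, so the directory ffmpeg writes to should itself sit on tmpfs or on an encrypted filesystem as the answer recommends.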
