I am currently working on a project of videos on demand where I convert videos to HLS using FFMPEG.
Videos are publicly hosted on AWS S3 and there is an API giving the URL of the HLS playlist.
Now, I was looking at encrypting HLS files with AES-128 so that people can't download and watch the video offline. I found the procedure which consists in hosting the key online and using that key while converting the video to encrypt the segments.
The URL of the key is written in the HLS playlist, and the file is publicly available online.
So anyone has access to the encryption key.
I don't understand what is the point of encrypting the segments if anyone has access to the key.
Can someone enlighten me? I know I must be missing something. Thanks!
Encrypting HLS provides transport security as long as the key is requested over HTTPS as it should be. This is not a considered a DRM-level solution, it's just a very basic form of content protection.
In addition to using HTTPS for the keys you can improve it by authenticating key requests (eg. using a token based authentication mechanism) and rotating the keys every n minutes following the HLS standard.
If you want true DRM you have to look at other solutions like Widevine, Primetime etc.