I use AWS elastic transcoder HLS AES content protection with No Store option to encrypt my .m3u8 file, as the following documentation says, it will automatically generate a set of Encryption Key, Encryption Key MD5 and Encryption Initialization Vector.
HLS AES protection with no store
I tried to hit ARN(which I specified in my Pipeline)with Encryption Key with aws-sdk’s KMS decrypt api, but got InvalidCiphertextException error.
My question is, how can I decrypt the Encryption Key and get a actual key (which I called, a content key), used for play a .m3u8 file?
Here I found the solution! use AWS KMS decrypt and insert params as follows:
const kmsDecryptparams = {
CiphertextBlob: Buffer.from(dataKey,'base64'),
EncryptionContext: {
service: 'elastictranscoder.amazonaws.com'
}
};
The official document doesn't answer any bit about it, but you can find some reference here.