RTSP/SRTP in gstreamer (MIKEY vrl2rtspserver)

Manikandan Valaguru manikandan.v at e-consystems.com
Mon Mar 31 06:07:07 UTC 2025 

Hi,
Thanks for your reply we could not use GstRtspServer because we have our own live555 server which we have modified for our use case

Also we have already tested client-managed-mikey<https://gstreamer.freedesktop.org/documentation/rtsp/rtspsrc.html?gi-language=c#rtspsrc:client-managed-mikey> this with gstreamer 1.26   which is working fine but most of our clients use gstreamer version 1.18 to 1.22 so we are currently devloping an application to take care of the mikey encrytion  any examples or guidance on this would be very helpful

Regards,
Manikandan




________________________________
From: Nicolas Dufresne <nicolas at ndufresne.ca>
Sent: Saturday, March 29, 2025 1:34 AM
To: Discussion of the development of and with GStreamer <gstreamer-devel at lists.freedesktop.org>
Cc: Manikandan Valaguru <manikandan.v at e-consystems.com>
Subject: Re: RTSP/SRTP in gstreamer (MIKEY vrl2rtspserver)

You don't often get email from nicolas at ndufresne.ca. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>
Le jeudi 27 mars 2025 à 06:24 +0000, Manikandan Valaguru via gstreamer-devel a écrit :
Hi,
I am currently working with a custom v4l2rtspserver built on Live555, aiming to enable RTSPS (RTSP over TLS) and SRTP (Secure RTP) for secure video streaming. My objective is to stream encrypted video and successfully decode it in GStreamer.

You may have used GstRtspServer library instead, which already implement all this security.


Based on my understanding:

    RTSPS encryption and decryption rely on TLS certificates.

    SRTP requires a decryption key, which can be extracted from the MIKEY data in the SDP (Session Description Protocol) of the RTSP response.

    Using this key, I need to construct a GStreamer pipeline to decrypt SRTP packets.

Could you confirm if this approach is correct?

Currently, I am extracting the SRTP key from the SDP session and embedding it into the GStreamer pipeline as follows:

GST_DEBUG=3 gst-launch-1.0 rtspsrc location=rtsps://econ:econ@192.168.1.23:5005/routecam tls-validation-flags=4 protocols=udp \
    ! application/x-srtp, srtp-key=a053ace0edcaba09192bff35fa01da6170317cd36af12b87be015f416701, \
      srtp-cipher=aes-128-icm, srtp-auth=hmac-sha1-80, roc=0 \
    ! srtpdec \
    ! rtph264depay \
    ! avdec_h264 \
    ! xvimagesink -v

Decryption is implemented inside rtspsrc element. In the RFC defined protocol, the keys are provision by the server. Though we also have a non-compliant mode where the keys are managed by the client.  Here's pointer to the doc. Note that there is very little to no activity on the mailing. We encourage to use discourse.gstreamer.org for future questions.

- https://gstreamer.freedesktop.org/documentation/rtsp/rtspsrc.html?gi-language=c#rtspsrc:client-managed-mikey
- https://gstreamer.freedesktop.org/documentation/rtsp/rtspsrc.html?gi-language=c#example-launch-line




However, I am encountering issues during playback. I have attached the error logs and MIKEY data for reference. Could you please review them and let me know if I am missing anything?

Looking forward to your insights.

Regards,
Manikandan
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Taking any action in reliance on the contents of this information is strictly prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. WARNING: Although the company has taken reasonable precautions to ensure no viruses are present in this email, e-con cannot accept responsibility for any loss or damage arising from the use of this email or attachment.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Taking any action in reliance on the contents of this information is strictly prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. WARNING: Although the company has taken reasonable precautions to ensure no viruses are present in this email, e-con cannot accept responsibility for any loss or damage arising from the use of this email or attachment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/gstreamer-devel/attachments/20250331/df014519/attachment-0001.htm>

More information about the gstreamer-devel mailing list