AWS Security Blog

Amazon Elastic Transcoder Now Supports AES-128 Encryption for HLS Content

Six weeks ago, we announced that Amazon Elastic Transcoder released support for encryption of media assets using AWS Key Management Service (KMS). Today we are making another improvement to how Elastic Transcoder protects your media assets with encryption. You can now use AES-128 encryption to protect the transcoded files that are delivered to your end users by using the HLS protocol.

When you enable this feature, each media segment that Elastic Transcoder outputs is encrypted using a 128-bit AES data encryption key. A URL to the decryption keys is written to each playlist. When the content is viewed, the player will download the keys and decrypt the media segments during the playback process.

You have two choices when it comes to data keys: You can create your own keys, or you can have Elastic Transcoder generate them for you. If you decide to create and use your own data keys, you can specify the one to use in the playlist’s Content Protection section. Each data key is encrypted with the KMS master key that you configure in your account.

For more information about how this works, see the AWS Blog and the Amazon Elastic Transcoder documentation.

– Ken