Mulvya's answer covered the ffmpeg-options.
I'm just adding a concrete example and talk about playback too, as i did some experiments yesterday (independently).
Encryption example
ffmpeg -i SampleVideo_1280x720_1mb.mp4 -vcodec copy -acodec copy -encryption_scheme cenc-aes-ctr -encryption_key 76a6c65c5ea762046bd749a2e632ccbb -encryption_kid a7e61c373e219033c21091fa607bf3b8 SampleVideo_1280x720_1mb_encrypted.mp4
(of course usage might be different for your case; i just remuxed video and audio)
Playback / Decoding
ffplay
ffplay SampleVideo_1280x720_1mb_encrypted.mp4 -decryption_key 76a6c65c5ea762046bd749a2e632ccbb
But as this is more or less a prototype-player, one might want to use something more powerful.
mpv
mpv --demuxer-lavf-o=decryption_key=76a6c65c5ea762046bd749a2e632ccbb SampleVideo_1280x720_1mb_encrypted.mp4
There is some discussion here as my first expected command-line did not behave as expected!
Edit: trying to address Reino's questions
The encryption_key
is just 128 bit = 16 bytes encoded as Hex (following the usage of AES-128-CTR). So random.org with a configuration of 16 bytes and hex.encoding would be a valid key (but i'm not recommending to trust external resources in general). I used python's secrets module which boils down to: secrets.token_hex(16)
. This encryption_key
will be needed for decoding.
The encryption_kid
Key ID is just an identifier for this key, probably needed for more complex usage-patterns (i'm !guessing! you could do something like: hey video... which of my 1000 keys do i need for you?). I suppose it's mandatory to pass it, but it's not required for decoding (if you know which key to use for which video).
The official references would be:
- Standard
- ffmpeg implementation: docs (available through command-line) or a short extraction