Skip to content

Cloud Recording Encryption: Provide AdditionalInfo configuration #625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jmelancongen wants to merge 47 commits into
base: development
Choose a base branch
from
Open

Cloud Recording Encryption: Provide AdditionalInfo configuration #625

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
47 commits
Select commit Hold shift + click to select a range
490a0b9
Detail the file structure of frame encrypted files
Apr 17, 2023
060043f
Support key rotation for cloud recording
jflevesque-genetec Mar 31, 2023
32bdfbc
Clarify usage of sym key generated by key rotation
jflevesque-genetec Apr 6, 2023
51a188f
Review formatting and wording of the latest changes
jflevesque-genetec Apr 19, 2023
127560b
Clarified wording for the initialization vector
jflevesque-genetec Apr 28, 2023
1a7d3fd
Add certificateId to the data model
jflevesque-genetec May 23, 2023
6a3141e
Update pssh box to support multiple certificates
jflevesque-genetec Jun 12, 2023
8e197fd
Rename and change type for CertificateId in RecordingEncryption
jflevesque-genetec Jun 15, 2023
96bbd89
Merge branch 'onvif:development' into video/cloud-encryption
jflevesque-genetec Jun 15, 2023
3c565d8
Apply code review suggestions
jflevesque-genetec Jun 22, 2023
e23cca7
Update the specification and wording to explicitely define the 2 encr…
jflevesque-genetec Jul 10, 2023
af7c136
Update box definition by using ISOBMFF syntax
jflevesque-genetec Jul 24, 2023
ac2c863
Add padding for encryption key
jflevesque-genetec Jul 24, 2023
470f3c9
Fix link reference
jflevesque-genetec Jul 27, 2023
f5860a2
Update CENC to only require the box when using static key encryption
jflevesque-genetec Jul 27, 2023
b8f1adb
Update asymmetric key system description
jflevesque-genetec Jul 27, 2023
dfa96bf
Update WSDL to return to old data model
jflevesque-genetec Jul 31, 2023
709cf98
Update spec to revert data model so as not to break compatibility
jflevesque-genetec Jul 31, 2023
8475e50
Fixed typo and remove unused type
jflevesque-genetec Aug 3, 2023
1181d90
Rename Certificate to AsymmetricEncryption element in wsdl
jflevesque-genetec Aug 23, 2023
a223d7a
Add mention that full key must be used for encryption
jflevesque-genetec Sep 7, 2023
bbca0e1
Merge branch 'development' into video/cloud-encryption
jmelancongen Mar 25, 2025
6760db7
Capabilities & fix advanced security in onvif.xsd
jmelancongen Mar 25, 2025
8ee1e37
Cleanup references
jmelancongen Mar 25, 2025
48f2744
Add RSA & EC encryption strategies to recording
jmelancongen May 7, 2025
fb256ba
Small cleanups
jmelancongen May 7, 2025
e308c44
Remove obsolete mention to SHA-1
jmelancongen May 8, 2025
3d53419
Describe how the EncapsulatedSharedSecretSize is calculated
jmelancongen May 8, 2025
7de1b7d
Clarifications on encryption diagram
jmelancongen May 21, 2025
11719b8
Clarifications on configuration & schemes names
jmelancongen May 21, 2025
ee82c33
Undo unrelated styling changes
jmelancongen May 26, 2025
0f223bd
Update doc/RecordingControl.xml
jmelancongen May 26, 2025
10dd6ac
Fix typo
jmelancongen May 27, 2025
892a08b
Apply suggestions from code review
jmelancongen May 28, 2025
0366971
Add RFC & IANA references
jmelancongen May 29, 2025
af34ca4
Add fault for ambiguous configuration
jmelancongen Jun 19, 2025
9078d6e
Apply review
jmelancongen Aug 14, 2025
2c42931
Complete review
jmelancongen Aug 19, 2025
71f244b
Remove useless certificate thumbprint algorithm field in PSSH
jmelancongen Aug 19, 2025
845d4b4
Unify the naming of parameters for Encryption V1 and V2
jmelancongen Aug 25, 2025
b264e7d
Reword Key/KID in the Asymmetric section to differentiate with the co…
jmelancongen Aug 25, 2025
6ab7fa4
Update the SystemId for Asymmetric Encryption due to prior art
jmelancongen Aug 26, 2025
1cd325c
Rename EncryptedKey to EncryptedSymmetricKey to match diagram
jmelancongen Aug 26, 2025
30d0690
Add AdditionalInfo configuration field
jmelancongen Sep 2, 2025
c19c999
Merge development into video/cloud-encryption-additionalinfo
jmelancongen Sep 5, 2025
ea178b0
Move the Info field last in box for backward compatibility
jmelancongen Sep 9, 2025
9f56a5f
Do it for real
jmelancongen Sep 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions doc/RecordingControl.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2221,6 +2221,8 @@ aligned(8) class AsymmetricKeySystemHeaderBox extends FullBox('pssh', version=1,
unsigned int(8)[EncapsulatedSharedSecretSize] EncapsulatedSharedSecret;
unsigned int(16) EncryptedSymmetricKeySize;
unsigned int(8)[EncryptedSymmetricKeySize] EncryptedSymmetricKey;
unsigned int(16) InfoSize;
unsigned int(8)[InfoSize] Info;
}
}
}
Expand All @@ -2245,6 +2247,8 @@ aligned(8) class AsymmetricKeySystemHeaderBox extends FullBox('pssh', version=1,
<para><literal>EncapsulatedSharedSecret</literal> is the HPKE shared secret value necessary to decrypt the encrypted key according to RFC 9180.</para>
<para><literal>EncryptedSymmetricKeySize</literal> Size of the <literal>EncryptedSymmetricKey</literal> field. Valid values depend on the encryption algorithm used by the certificate.</para>
<para><literal>EncryptedSymmetricKey</literal> The symmetric key (identified by <literal>KID</literal>) used for frame encryption, encrypted using the public key of the certificate according to the encryption version.</para>
<para><literal>InfoSize</literal> is the size in bytes of the <literal>Info</literal> field.</para>
<para><literal>Info</literal> is the value configured by the <literal>AdditionalInfo</literal> configuration field encoded as UTF-8.</para>
</section>
<section xml:id="_refCloudRecordingEncryptionVersion1">
<title>Encryption Version 1</title>
Expand All @@ -2262,6 +2266,11 @@ aligned(8) class AsymmetricKeySystemHeaderBox extends FullBox('pssh', version=1,
algorithms defined in the <literal>HpkeKem</literal>, <literal>HpkeHkdf</literal>, and <literal>HpkeAead</literal> fields,
the <literal>EncapsulatedSharedSecret</literal> field is derived using the <literal>Base</literal> mode of HPKE.
</para>
<para>
The <literal>AdditionalInfo</literal> field of the <literal>AsymmetricEncryption</literal> configuration is to be
used as the <literal>info</literal> parameter of the HPKE key derivation function. If the field is missing,
the device shall use an empty string.
</para>
<figure xml:id="_refHpkeEncryptionFigure">
<title>Encryption (Left) and Decryption (Right) using the HPKE algorithm</title>
<mediaobject>
Expand Down
Loading