hls.js icon indicating copy to clipboard operation
hls.js copied to clipboard
verified publisher icon video-dev

AES-GCM encryption

Open karthickvTR opened this issue 8 months ago • 1 comments

What do you want to do with Hls.js?

HI Everyone,

I’m checking whether AES-GCM encryption is currently supported?. This is in the context of reviewing our cryptography setup and addressing Snyk vulnerability alerts. At present, we’re using AES-CBC in our implementation, but we're encountering Snyk alerts related to it. Could someone please confirm which AES mode is supported in the latest version?

`var AESCrypto = /*#__PURE__*/function () {
  function AESCrypto(subtle, iv) {
    this.subtle = void 0;
    this.aesIV = void 0;
    this.subtle = subtle;
    this.aesIV = iv;
  }

  var _proto = AESCrypto.prototype;

  _proto.decrypt = function decrypt(data, key) {
    return this.subtle.decrypt({
      name: 'AES-CBC',
      iv: this.aesIV
    }, key, data);
  };

  return AESCrypto;
}();.`

thanks.

What have you tried so far?

No response

karthickvTR avatar Jun 06 '25 06:06 karthickvTR

The HLS spec requires support for AES-128 CBC. HLS.js does not support AES-GCM out of the box. I would echo the feedback shared in #7256 here - adding support would not make playback or delivery any more secure.

robwalch avatar Jun 17 '25 22:06 robwalch