获取到crt和key文件

mkdir /etc/nginx/cert
cp ssl.crt /etc/nginx/cert/ssl.crt
cp ssl.key /etc/nginx/cert/ssl.key

配置nginx

server {
        listen 443 ssl;
        server_name somedomain.com;

        ssl_certificate  /etc/nginx/cert/ssl.crt;
        ssl_certificate_key /etc/nginx/cert/ssl.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        #...
}

server {
    listen 80;
    server_name somedomain.com;
    # 跳转到https
    rewrite ^(.*)$  https://$host$1 permanent;
}

重启nginx

nginx -t
nginx -s reload

生成加密key

openssl rand  16 > enc.key

生成IV

openssl rand -hex 16

新建enc.keyinfo，内容如下

enc.key
enc.key
191029d9c2d4e9051a8a5deb2f7f5c04

以加密hls.mkv为例

ffmpeg -i hls.mkv \
-codec:v libx264 \
-codec:a mp3 \
-map 0 \
-s 640x360 \
-hls_time 10 \
-hls_list_size 0 \
-hls_allow_cache 1 \
-hls_base_url http://localhost/videos/ \
-hls_segment_filename out%03d.ts \
-hls_key_info_file enc.keyinfo \
playlist.m3u8

新建html测试效果

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Encrypted Video Playback Test</title>
  <!-- Include video.js CSS -->
  <link href="https://vjs.zencdn.net/7.17.0/video-js.css" rel="stylesheet">

  <!-- Include video.js library -->
  <script src="https://vjs.zencdn.net/7.17.0/video.js"></script>
</head>
<body>

<video id="encrypted-video" class="video-js vjs-default-skin" controls width="640" height="360">
  <!-- Include an HLS source (replace with your encrypted m3u8 URL) -->
  <source src="/playlist.m3u8" type="application/x-mpegURL">
</video>

<script>
  // Initialize video.js
  var player = videojs('encrypted-video');

  // Add any additional configurations or event listeners if needed
</script>

</body>
</html>

python -m http.server 1089

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad

def encrypt_text(text: str, key_hex: str, iv_hex: str) -> str:
    key = bytes.fromhex(key_hex)
    iv = bytes.fromhex(iv_hex)
    text = text.encode('utf-8')
    cipher = AES.new(key, AES.MODE_CBC, iv)
    encrypted_data = cipher.encrypt(pad(text, AES.block_size))
    return encrypted_data.hex()


def decrypt_text(text: str, key_hex: str, iv_hex: str) -> str:
    key = bytes.fromhex(key_hex)
    iv = bytes.fromhex(iv_hex)
    text = bytes.fromhex(text)
    cipher = AES.new(key, AES.MODE_CBC, iv)
    decrypted_data = unpad(cipher.decrypt(text), AES.block_size)
    return decrypted_data.decode('utf-8')

const hexString = "68656c6c6f";
const byteArray = Buffer.from(hexString, 'hex');
console.log(byteArray);

由于浏览器不支持Buffer,使用下面的形式

const hexStringToByteArray = function (hexString) {
    const bytes = new Uint8Array(hexString.length / 2);

    for (let i = 0; i < hexString.length; i += 2) {
        bytes[i / 2] = parseInt(hexString.substr(i, 2), 16);
    }

    return bytes;
}

sudo -u postgres psql

create database mydb;
create user myuser with encrypted password 'mypass';
grant all privileges on database mydb to myuser;
alter user <username> with encrypted password '<password>';
#Granting privileges on database
grant all privileges on database <dbname> to <username> ;

#Creating user
sudo -u postgres createuser <username>
#Creating Database
sudo -u postgres createdb <dbname>
#Giving the user a password
sudo -u postgres psql