Encryption tool
The goal of this cross-platform command line executable is to be usable in any kind of processing pipeline.
Note that several processes can be active in parallel if necessary.
Name: lcpencrypt
Parameters:
- input: file path of the source epub file. The utility can load files from a file system or an http(s) server (via GET).
- [-storage]: optional, final storage of the encrypted publication, absolute file system path or S3 bucket. In the S3 case, the syntax is "s3:" + the AWS region (e.g. "eu-west-3") + ":" + the S3 bucket name (e.g. "lcp-storage").
- [-url]: required if "-storage" is used (unused if not); base url associated with the storage (e.g. "https://lcp-storage.s3.eu-west-3.amazonaws.com").
- [-output]: optional, used as an alternative to "-storage" (don't use both); target path of the encrypted publication before it is moved to its final storage by the License Server. If not set, the temporary file will be created in the current directory. If the encrypted publication is not stored by the lcpencrypt utility, this path must be directly accessible from the LCP server (i.e. be on a shared network drive).
- [-contentid]: optional, content identifier. If omitted, a UUID is generated.
- [-lcpsv]: optional, http endpoint of the license server (lcpserver), used for notifying that new content is available.
- [-login]: required if -lcpsv is used; login used to connect to the license server.
- [-password]: required if -lcpsv is used; password used to connect to the license server.
The software:
- Loads the source epub file, exits on error if the file is not found or is not parsable.
- If the content identifier is not set, generates a unique publication identifier.
- Generates a content encryption key.
- Encrypts the source content, exits on error if the process aborts.
- Uploads the protected epub file to the target location, exits on error if the process aborts.
- Optionally, sends a notification to the “lcpsv” server, using PUT on /content/ with a JSON structure as payload.
  - The JSON structure contains:
    - content-id: content identifier
    - content-encryption-key: content encryption key
    - storage-mode: indication of the way the encrypted content is stored: 0 = not stored yet; 1 = stored on S3; 2 = stored in a file system.
    - protected-content-location: absolute URL or file path of the encrypted content
    - protected-content-disposition: original file name
    - protected-content-type: media type of the encrypted content
    - protected-content-length: size of the encrypted content
    - protected-content-sha256: hash of the encrypted content
See the corresponding License Server API method
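An added example, not taken from lcpencrypt or the License Server: a check that a receiver of the notification could run, comparing protected-content-length and protected-content-sha256 with the encrypted bytes it actually reads from storage. The field names come from the list above; the Go types, the hex encoding of the hash and the name VerifyNotification are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Notification holds the integrity-related fields listed above. The Go types
// and the hex encoding of the hash are assumptions of this example.
type Notification struct {
	ContentID   string `json:"content-id"`
	StorageMode int    `json:"storage-mode"`
	Length      int64  `json:"protected-content-length"`
	SHA256      string `json:"protected-content-sha256"`
}

// VerifyNotification streams content and compares its size and SHA-256 with the payload.
func VerifyNotification(payload []byte, content io.Reader) error {
	var n Notification
	if err := json.Unmarshal(payload, &n); err != nil {
		return fmt.Errorf("payload is not valid JSON: %w", err)
	}
	if n.ContentID == "" || n.StorageMode < 0 || n.StorageMode > 2 {
		return fmt.Errorf("missing content-id or unknown storage-mode %d", n.StorageMode)
	}
	h := sha256.New()
	size, err := io.Copy(h, content)
	if err != nil {
		return err
	}
	if size != n.Length {
		return fmt.Errorf("length mismatch: read %d, payload says %d", size, n.Length)
	}
	if got := hex.EncodeToString(h.Sum(nil)); !strings.EqualFold(got, n.SHA256) {
		return fmt.Errorf("sha256 mismatch: content hashes to %s", got)
	}
	return nil
}

func main() {
	// Constructed stand-in for an encrypted publication: the three bytes "abc".
	payload := `{"content-id":"epub31","storage-mode":2,"protected-content-length":3,` +
		`"protected-content-sha256":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"}`
	fmt.Println("verification error:", VerifyNotification([]byte(payload), strings.NewReader("abc")))
}
```

In a pipeline, the reader would be the file or S3 object found at protected-content-location rather than an in-memory string.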
Implementation notes:
- The communication between the utility and the LCP server is currently only protected by the use of https.
- The encryption utility does not communicate with the provider’s backend; therefore the issue of content matching between provider products and protected contents is out of scope of this project.
In order to generate encrypted files, you will simply have to:
- check the access to the source folder, where unprotected EPUB files are stored (e.g. ~/epubfiles)
- create a target folder for encrypted files (e.g. ~/readiumlcp/encfiles)
- execute lcpencrypt:
Examples:
lcpencrypt -input "$HOME/epubfiles/epub31.epub" -storage "/Users/X/lcp/files/storage" -url "https://edrlab.org/pub/storage" -lcpsv "http://192.168.0.1:8989" -login "login" -password "password"
lcpencrypt -input "$HOME/epubfiles/epub31.epub" -storage "s3:eu-west-3:lcp-storage" -url "https://lcp-storage.s3.eu-west-3.amazonaws.com"
lcpencrypt -input "$HOME/epubfiles/epub31.epub" -contentid epub31 -output "$HOME/readiumlcp/encfiles/"