Skip to content

Encryption tool

Jump to bottom
L. Le Meur edited this page May 12, 2020 · 36 revisions

The goal of this cross-platform command line executable is to be usable on any kind of processing pipeline.

Note that several processes can be active in parallel if necessary.

Name: lcpencrypt

Parameters:

  • input: file path of the source epub file. The utility can load files from a file system or an http(s) server (via GET).
  • [-contentid]: optional, content identifier. If not set, the content identifier will be randomly generated by the utility.
  • [-output]: optional, file path of the target protected content. If not set, a file named after the content-id (with an extension adapted to the output format) will be created into the working directory. If the utility notifies the LCP server after encryption, this file path must be directly accessible from the LCP server (e.g. be on a shared network drive).
  • [-lcpsv]: optional, http endpoint of the license server (lcpserver), used for notifying that new content is available.
  • [-login]: login used to connect to the license server, required if -lcpsv is used.
  • [-password]: password used to connect to the license server, required if -lcpsv is used.

The software:

  • Loads the source epub file, exits on error if the file is not found or is not parsable.

  • If the content identifier was not set as an input parameter, generates a unique identifier (content-id).

  • If the target location is not set, the default output file will be “.epub” and this file will be stored in the current directory.

  • Generates a content encryption key (content-encryption-key).

  • Encrypts the source content, exits on error if the process aborts.

  • Uploads the protected epub file to the target location (protected-content-location), exits on error if the process aborts.

  • Sends a json struct to stdout, with the following json data:

    • content-id: content identifier
    • content-encryption-key: content encryption key
    • protected-content-location: complete file path of the encrypted content
    • protected-content-disposition: file name of the encrypted content
    • protected-content-type: media type of the encrypted content
    • protected-content-length: size of the encrypted content
    • protected-content-sha256: hash of the encrypted content

  • Optionally, sends a notification to the “lcpsv” server, using PUT on /content/ with the preceding json structure as payload. See the corresponding License Server API method

In case of error, stdout still contains a json struct with an error message, but stderr contains only the error message in plain text.

Implementation notes:

  • The communication between the utility and the LCP server is currently only protected by the use of https.
  • The encryption utility does not communicate with the provider’s backend; therefore the issue of content matching between provider products and protected contents is out of scope of this project.

Using lcpencrypt

In order to prepare encrypted files, you will simply have to:

  1. check access to the source folder, where unprotected EPUB files are stored (e.g. ~/epubfiles)
  2. create a target folder for encrypted files (e.g. ~/readiumlcp/encfiles)
  3. move to $GOPATH (cd $GOPATH)
  4. execute lcpencrypt from the bin subfolder:

Example: bin/lcpencrypt -input "~/epubfiles/epub31.epub" -contentid epub31 -output "~/readiumlcp/encfiles/epub31.lcp.epub"

Clone this wiki locally