The scramble tool obfuscates data on disk to prevent people
who have access to the system from reading sensitive information.
Protected HTTP Dynamic Streaming (PHDS) and Protected HTTP Live
Streaming (PHLS) use the scramble tool to obfuscate credential passwords
and the content encryption key. To create a new content encryption
key, use the scramble tool.
The scramble tool uses AES-128 and a hard-coded key to obfuscate
data. The data is unscrambled using the same hard-coded key. The
key is a random sequence of bytes generated by the scramble tool.
Important: The hard-coded key can be retrieved from
source code. It’s a good idea to use additional techniques to secure
the data as well.
The scramble tool is installed to the following location:
rootinstall/tools/scramble
The scramble tool supports the following options:
| Option | Description |
| --- | --- |
| -scramble <string-to-scramble> | Takes an input string from the command line, encrypts it, and prints out a Base64 encoded string. Use this option to encrypt credential passwords. This option assumes that the string to scramble is already Base64 encoded. The tool doesn't decode the string. |
| -randCode <number-of-bytes> | Generates a sequence of random bytes. Specify the sequence length in the <number-of-bytes> command line parameter. The output is formatted as a C++ array initialization code snippet. The installer uses this option to generate the scrambling key and IV that are hard-coded in the scrambler tool and the unscrambling utility function. |
| -randBase64 <number-of-bytes> | Generates a sequence of random bytes. Specify the sequence length in the <number-of-bytes> command line parameter. The output is a Base64 string encoding the random data. Use this option to generate a content encryption key. Use the output of this command as the <string-to-scramble> input for the -scramble option. Combining those two commands generates data in the same format as the -KeyGen option. |
| -KeyGen <number-of-bytes> [-f <output-file>] | Generates a sequence of random bytes, Base64 encodes it, encrypts the resulting string and prints out a Base64 encoded string of the result. Specify the sequence length in the <number-of-bytes> command line parameter. Use the -f option to redirect the output to an output file. The Flash Media Server installer uses this option to generate a unique PHDS and PHLS content encryption key. |
For example, the following command outputs a 16-byte key:
scramble -KeyGen 16 -f server.key
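
The data flow described for -randBase64, -scramble and -KeyGen can be reproduced with the openssl command line. This is an added illustration, not the scramble tool or Adobe's code. It assumes AES-128-CBC with PKCS#7 padding (the page states only AES-128 with a key and IV) and uses a constructed demo key and IV; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration: emulates the data flow only, not the real scramble binary.
# Assumptions: AES-128-CBC with PKCS#7 padding, and a constructed demo key/IV
# (these are NOT the values an installer compiles into the tool).
DEMO_KEY=000102030405060708090a0b0c0d0e0f
DEMO_IV=101112131415161718191a1b1c1d1e1f

# Like -randBase64 <n>: n random bytes, printed as a Base64 string.
rand_base64() {
  openssl rand -base64 "$1"
}

# Like -scramble <string>: encrypt the string exactly as given (no Base64
# decoding first) and print the ciphertext as a single Base64 line.
scramble_emulated() {
  printf '%s' "$1" |
    openssl enc -aes-128-cbc -K "$DEMO_KEY" -iv "$DEMO_IV" -base64 -A
}

# Reverse step: anyone holding the same key and IV recovers the input,
# which is why the page calls this obfuscation.
unscramble_emulated() {
  printf '%s\n' "$1" |
    openssl enc -d -aes-128-cbc -K "$DEMO_KEY" -iv "$DEMO_IV" -base64 -A
}

# Like -KeyGen <n> -f <file>: -randBase64 output fed to -scramble.
# umask 077 creates the key file owner-only, as an additional safeguard.
keygen_emulated() {
  ( umask 077
    scramble_emulated "$(rand_base64 "$1")" > "$2" )
}

# Demo: a 16-byte key becomes 24 Base64 characters, then 44 after scrambling.
demo_dir=$(mktemp -d)
keygen_emulated 16 "$demo_dir/server.key"
echo "scrambled:   $(cat "$demo_dir/server.key")"
echo "unscrambled: $(unscramble_emulated "$(cat "$demo_dir/server.key")")"
rm -rf "$demo_dir"
```

The unscrambled value is still Base64 text, because the scramble step encrypts the Base64 string itself instead of the raw key bytes.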