Re: [Cellar] shepherd review of Matroska: part 1

Steve Lhomme <> Sun, 26 June 2022 08:01 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5C3A8C15A75E for <>; Sun, 26 Jun 2022 01:01:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -8.784
X-Spam-Status: No, score=-8.784 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wiGr1UHoi8qc for <>; Sun, 26 Jun 2022 01:01:42 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::333]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id D4803C14CF15 for <>; Sun, 26 Jun 2022 01:01:42 -0700 (PDT)
Received: by with SMTP id k129so2181367wme.0 for <>; Sun, 26 Jun 2022 01:01:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language :from:to:references:in-reply-to:content-transfer-encoding; bh=vEuMtgsPcfVuZLhXdjRkpBrX/+Dq4gucKfmVKDixwKI=; b=rDYuWeQcdeDBaE9wD32xGuekuVotDy4adARaeVw/k8Mq47xLovlaCijKDVBhdyNS9E qR5H5dOFuDrqUuFW3tgBqGRSYcGCnzooe26CQgyqOJ5ZFVS+phmMsvbqw+C5W/gZDWqk 6MslgLSO1GJZSsUWvDYno/LQPtjiLB3bWK4Tyc2K1V591TeDdN4owgvoHKNKfmopaoQ2 ueWGIue4cL+do3Qc325yUJ5Dmw19OUghW8Ri589jYDgFVZqUY4WdFKrlBNyr4K92791i sZ+jIidOhPYDbyT1wlC0knk9s4wsQdI5iYzn62s3/3miMvllUBiGMnWmNK9wvvw5qO4t l83A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:from:to:references:in-reply-to :content-transfer-encoding; bh=vEuMtgsPcfVuZLhXdjRkpBrX/+Dq4gucKfmVKDixwKI=; b=shSs5Ht3XoR/jD8mP/DEiKPGQHKkWg8lc+MOiwebE7Hd7KQyRiwxTxr4I78+xeQknv RzJ7+Sk+Jx+p5vre7gq/mnz1xpGczRrQLIYAXAp5JqM3a2hSb6wdFT6PuBZ8AyZSE44f qX9H7eDgf43OqepMTEH8mTt1jQkW5lUr84AWaQYqUQSM4dklYXaMeQHzxmzKE9Rvrjxc OtZzgrEygPgABaACpZZzT+gfavob3YwbbDQUZ6uvGMSjjAndVokia2AIlpGgJqOt8Iyk wAmeJIO5dpEIhsTwVopOj6yRY0yewnNilsxLztGD9xjVJ6nqrFEyXs0CR+SAaenTpAGZ YZZA==
X-Gm-Message-State: AJIora95Z7il/9eRNyRKgISn3yp4SDOpoUg1bUFErvnPSepKcUNIAA1b M9drpG+538H5Jn46dqgNXZCM7Q5KJPeAuw==
X-Google-Smtp-Source: AGRyM1sJ4p3Q3jdgRhShDWK9cQafJO5R8irLB7L9o1PxGX6Wl8k+wJo7LtL+ChA1pk9ZubD1wkjdWQ==
X-Received: by 2002:a05:600c:a47:b0:39e:f953:84e2 with SMTP id c7-20020a05600c0a4700b0039ef95384e2mr13102654wmq.202.1656230500853; Sun, 26 Jun 2022 01:01:40 -0700 (PDT)
Received: from ?IPV6:2a01:cb0c:20:e900:2c15:9b6a:5913:728f? ( [2a01:cb0c:20:e900:2c15:9b6a:5913:728f]) by with ESMTPSA id y12-20020a5d4acc000000b0021b9416fa13sm8042043wrs.90.2022. for <> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 26 Jun 2022 01:01:40 -0700 (PDT)
Message-ID: <>
Date: Sun, 26 Jun 2022 10:01:39 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
From: Steve Lhomme <>
References: <1216608.1654521891@dooku> <>
In-Reply-To: <>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: base64
Archived-At: <>
Subject: Re: [Cellar] shepherd review of Matroska: part 1
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 26 Jun 2022 08:01:47 -0000

On 2022-06-12 10:01, Steve Lhomme wrote:
>> } ContentEncAlgo Element
>> questions will be asked about 1DES, and 3DES.
>> 1) We need a note about how legacy files might be encrypted, and we need
>>     those definitions for history.

AFAIK Matroska files are not encrypted. WebM on the other hand is very 
common. But we're not making the WebM spec. Content Compression which is 
parallel to this is however common.

In WebM it also depends on the codec what kind of information is 
actually encrypted. The frame headers are usually not encrypted so they 
can be parsed without dealing with encryption. Only the actual content 
part is encrypted.

We do not have this kind of granularity in Matroska. The 
ContentEncodingScope only mentions encrypting the content of the Block. 
But I think in real life that's still to broad.

There's a specific WebM page about which (single) encryption it supports
They actually have "partitions" within the Block. While it is compatible 
with ContentEncodingScope=1 (All frame content) it is still not enough 
to know where the partitions stand and how to deal with them. They also 
allow some frames to be encrypted and others not.

IMO that should be the way to do it. Matroska provides the fields to 
store your encryption information, but the way they are interpreted is 
not really defined in Matroska. In the case of WebM, the AES-CTR 
(AESSettingsCipherMode=1) really tells the whole story of how the 
encrypted data fill the Block.

This is the only encryption known in the wild for Matroska/WebM. All the 
rest is under defined.

>> 2) Questions will be asked about how the keys were created.
>>     I haven't read the Security Considerations, but it needs to say 
>> something.

It's (currently) not mentioned but there is an "Encryption" section. It 
doesn't cover the key creation/exchange.

>> 3) We should probably have a suggestion on how encryption keys are
>>     represented in text.
>>     Consider one system that takes things in hex, and another that
>>     uses strings, and that all hex values are valid strings.

IMO it's not relevant in our case. The keys are stored in binary format 
(ContentEncodings\ContentEncoding\ContentEncryption\ContentEncKeyID), so 
human readable formats are for usage outside of Matroska.

> I'll try to come up with something. Although I'm not too familiar with 
> this part. It is however used in WebM.

The result is