GoodShort encrypts all HLS video streams using AES-128-CBC encryption. Unlike standard HLS encryption where the key URL is a remote endpoint, GoodShort uses a custom local://offline-key/... URI scheme that cannot be resolved by standard HLS players.
💡
Our API handles this for you! The /api/goodshort/hls endpoint automatically performs the RSA key exchange, decrypts the AES key, and rewrites the m3u8 so any HLS player can play it directly. This guide explains the underlying process for reference.
The problem: GoodShort CDN serves m3u8 playlists with URI="local://offline-key/<bookId>" — a proprietary URI scheme that only the official app understands. Without the correct AES key, you get a 9-second preview, not the full video.
The solution: Our server performs an RSA-2048 key exchange with GoodShort's API to obtain the AES key, then rewrites the m3u8 to embed the key inline as a data: URI, making it compatible with any standard HLS player.