I am implementing an application that supports video on demand. I ended up converting my videos to hls files for performance. Now, for security, I restricted access to all .m3u8 and .ts files via a token authentication (jwt). Then I saw I could also encrypt hls files using AES and then control who can access the decryption key. But I don't understand the point of encrypting files then securing access to the key. Is it better security than just securing access to the files like I did ? (Knowing that files are delivered through https)
One last question about DRM.
Edit: Question below answered by this topic I found later : what-is-the-value-added-by-drm-compared-to-encrypted-streams
In the current state, only authorized users have access to the videos. On the other hand, it is very easy for them to download them with a plugin. In terms of security, what I understood was that DRM would allow me to make it difficult for authorized users to download my videos. Did I understand the security utility correctly ?
I implemented a JWT based authorization access to hls files which feels fine for my security needs for now which is : securing access to videos to authorized users.
