Verify the integrity of exported video recordings

Last modified: Friday September 06, 2024.

When video recordings are exported from an Alta Video deployment, each video clip and its accompanying metadata file can be verified as being original and unaltered.

There are two methods you can use to validate the video clips and metadata files:

  • Use the Avigilon Alta Export verifier executable file (for Microsoft Windows 10) to verify all files in the exported .zip file.
  • Manually verify the files using openSSL.

Task — Use the Avigilon Alta Export Verifier software

  1. Download the Microsoft Windows-based Export verifier software to the same computer that you have downloaded the exported video clips.
    Alternatively, you can build the Export verifier software by downloading the sourcefiles from https://gitlab.com/ava-security/export_verifier.
  2. Using Windows File Explorer, drag the exported video clips .zip file onto the exportVerifier.exe file.
    Alternatively, double-click exportVerifier.exe, and then browse to the exported videos .zip file.
  3. If prompted, enter the password that was used to encrypt the .zip file when it was created in Alta Video.
  4. The results are shown in the Avigilon Alta Export Verifier software:
    • Exported files verified Success — Successfully validated that all files originated from your Alta Video video management system, and have not been tampered with.
    • Exported files unknown Unverified — All files validated against the included hash files, but the certificate for your Alta Video video management system could not be verified.
    • Exported files failed verification Failed — The incorrect password was supplied, so the .zip file could not be decrypted.
    • Exported files failed verification Failed — <x> out of <y> files failed validation.
    • Exported files failed verification Failed —Could not find the certificate file.

Task — Manually verify the files using openSSL

To manually verify the signatures within the archive. This can be done using standard tools such as OpenSSL. Instructions are provided for OpenSSL, but other tools can be used. If manually verifying the signatures, then OpenSSL or a similar tool must be installed.

  1. Extract the archive to a temporary location.

    If the archive is encrypted, use an AES-256 compatible archive tool to extract the files.

    Enter the archive password when prompted.

  2. Extract the public key from the certificate.pem file, included in the /SIGN folder of the extracted archive.
  3. Run the command: openssl x509 -pubkey -noout -in SIGN/certificate.pem -out pubkey.pem.
    The public key is extracted.
  4. Verify the signature of each file of interest by running the command: openssl dgst -sha256 -verify pubkey.pem -signature "SIGN/<filename>.<extension>.sig" "<filename>.<extension>".
    • If the file is untouched, you see the message "Verified OK".
    • If the file has been tampered with, you see the message "Verification Failure".
  5. To verify that the exported files originated from am Alta Video deployment:
    1. Create the hash of certificate.pem (included in the exported .zip file) using a SHA 256 hash.
    2. From Chrome, use the hash, together with the serial number from Alta Video to browse to https://aware.avasecurity.com/api/v1/public/verifyServerCertificate?serial=<VMSSERIAL>&certificateHash=<BASE64_ENCODED_CERTIFICATE_HASH>