Verimatrix

USP supports Verimatrix VCAS. You need to fetch a content key with the VCAS API and pass it on the commandline when creating the server manifest.

Options for VCAS with AES-128

--hls.key

The key id (KID) and content encryption key (CEK) are passed with the --hls.key option where KID and CEK are separated by a colon, e.g. --hls.key=KID:CEK

As no KID is used for AES-128, this can be left empty. The CEK is a (random) 128 bit value and must be coded in hex (base61).

--hls.license_server_url

The URL used by the player to retrieve the key.

Using the VCAS API

Obtaining a key from the VCAS license server is a two step process.

The first step is to create a key, for instance:

# create 1 key (c=1)
curl -v \
 -X POST \
 'http://VERIMATRIX_URL/CAB/keyfile?r=YOUR_USER_ID&t=VOD&c=1'
  • the HTTP verb used is POST
  • the c parameter is used to indicate the number of keys to create

The second step is to get the created key:

# get the key (p=0)
binary_key=$(curl -v \
 -X GET \
 'http://VERIMATRIX_URL/CAB/keyfile?r=YOUR_USER_ID&t=VOD&p=0')
  • the HTTP verb used is GET
  • the p parameter is used to indicate which key should be returned

The return of the second call is a binary key, which should be converted to hex (base16) before it can be used with mp4split.

Creating a server manifest with Verimatrix VCAS

The following command creates a server manifest file with the key information embedded:

#!/bin/bash

curl -v \
 -X POST \
 'http://VERIMATRIX_URL/CAB/keyfile?r=YOUR_USER_ID&t=VOD&c=1'

binary_key=$(curl -v \
 -X GET \
 'http://VERIMATRIX_URL/CAB/keyfile?r=YOUR_USER_ID&t=VOD&p=0')

key_hex16=$(echo -n $binary_key | hexdump -e '16/1 "%02x"')

mp4split -o video.ism \
  --hls.key=:${key_hex16}
  --hls.license_server_url="http://VERIMATRIX_URL/CAB/keyfile?r=YOUR_USER_ID&t=VOD&p=0"
  video.ismv

Please note that in the above example some dummy values are used:

  • you need to provide values for r, t, c and p (see the Verimatrix documentation)
  • VERIMATRIX_URL should be replaced with the URL provided by Verimatrix
  • YOUR_USER_ID should be replaced with your customer id, provided by Verimatrix
  • VOD can also be another type (see the Verimatrix documentation)