MPEG-DASH
USP supports Common Encryption (CENC) for MPEG-DASH. The encryption is applied on-the-fly, so there is no preprocessing involved.
The options for enabling encryption are stored in the server manifest file.
Demo streams can be found in the Unified Streaming Demo.
Adding Clearkey Encyption
Attention
Clearkey is not supported.
Adding Marlin DRM
Marlin is a DRM platform, created by an open-standards community initiative called the Marlin Developer Community (MDC). The MDC was formed in 2005 by five companies: Intertrust, Panasonic, Philips, Samsung and Sony.
USP supports adding Marlin protection to MPEG-DASH presentations (and HLS).
The encryption is applied on-the-fly, so there is no preprocessing involved. Please note that offline Marlin packaging is not supported.
Options for Marlin
The options for enabling encryption are stored in the server manifest file. For Marlin DASH encryption a content encryption key (CEK) and key id (KID) are required. You need to provide the following options:
--marlin.key
The KID and CEK are passed with the --marlin.key option where KID and CEK
are separated by a colon, e.g. --marlin.key=KID:CEK
Both KID and CEK must be coded in hex (base16).
--marlin.license_server_url
The license server URL
Example
The following command creates a server manifest file with the key information embedded:
mp4split -o video.ism \
--marlin.key=b366360da82e9c6e0b0984002a362cf2:a0a1a2a3a4a5a6a7a8a9aaabacadaeaf
video.ismv
Adding PlayReady DRM
Please follow the Adding PlayReady DRM section for HSS to add PlayReady for MPEG-DASH. The same options are used, but when the MPD is requested DRM will be applied similar as when the (Smooth Streaming) Manifest is requested.
Adding Primetime DRM
New in version 1.7.18.
Options for Primetime
The options for enabling encryption are stored in the server manifest file. For Primetime DASH encryption a content encryption key (CEK) and key id (KID) are required. You need to provide the following options:
--hds.key
The KID and CEK are passed with the --hds.key option where KID and CEK
are separated by a colon, e.g. --hds.key=KID:CEK
Both KID and CEK must be coded in hex (base16).
--hds.drm_specific_data
The drm specific data used for Primetime DRM, in the case of MPEG-DASH this will be used for the "pssh" box. Please refer to the Adobe documentation on how to obtain this. Can either be a Base64 string or a file with the decoded Base64 data. The file name must include a '.'
Example
#!/bin/bash
KID=000102030405060708090a0b0c0d0e0f
CEK=000102030405060708090a0b0c0d0e0f
mp4spit -o video.ism \
--hds.key=$(KID):$(CEK) \
--hds.drm_specific_data=pssh.bin \
video.ismv
Adding Widevine Modular DRM
For Widevine Modular DRM a content encryption key (CEK) and a key id (KID) are required.
Options for Widevine
You need to provide the following options:
--widevine.key
The KID and CEK are passed with the --widevine.key option where KID and CEK
are separated by a colon, e.g. --widevine.key=KID:CEK.
Both KID and CEK must be coded in hex (base16)..
--widevine.drm_specific_data
The DRM specific data provided by the license server (the Widevine PSSH data).
Can either be a Base64 string or a file with the decoded Base64 data. The file name must include a '.'
Example
The following script demonstrates how to call into the Widevine test key server to obtain content_key, key_id, and pssh data to create a server manifest which can then be used to fetch the DASH client manifest from (the .mpd):
#!/bin/bash
wv_url=http://license.uat.widevine.com/cenc/getcontentkey/widevine_test
wvr=$(curl -v -X POST \
-H 'Content-Type: application/json' \
-d '{"request": "ewogICJjb250ZW50X2lkIjogIlptdHFNMnhxWVZOa1ptRnNhM0l6YWc9PSIsCiAgInRyYWNrcyI6I FsKICAgIHsgInR5cGUiOiAiU0QiIH0sCiAgICB7ICJ0eXBlIjogIkhEIiB9LAogICAgeyAidHlwZSI 6ICJBVURJTyIgfQogIF0sCiAgImRybV90eXBlcyI6IFsgIldJREVWSU5FIiBdLAogICJwb2xpY3kiO iAiIgp9Cg==", "signature": "kwVLL4xVh9mnlZlPqiEWN0E+FsvG0y+/oy451XXeIMo=", "signer": "widevine_test" }' \
$wv_url)
dwvr=$(echo $wvr | python3 -c 'import json,sys,base64;obj=json.load(sys.stdin);print(base64.b64decode(obj["response"]).decode("utf-8"))')
key_id=$(echo $dwvr | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["tracks"][0]["key_id"])')
content_key=$(echo $dwvr | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["tracks"][0]["key"])')
pssh=$(echo $dwvr | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["tracks"][0]["pssh"][0]["data"])')
# Widevine API returns base64 so re-encode to base16
kid16=$(echo $key_id | base64 -d | hexdump -e '16/1 "%02x"')
cek16=$(echo $content_key | base64 -d | hexdump -e '16/1 "%02x"')
MP4SPLIT_OPTIONS=
MP4SPLIT_OPTIONS+=" --widevine.key=${kid16}:${cek16}"
MP4SPLIT_OPTIONS+=" --widevine.drm_specific_data=${pssh}"
mp4split -o tos-wv.ism ${MP4SPLIT_OPTIONS} tears-of-steel-avc1-400k.ismv tears-of-steel-aac-64k.isma
Note
Tool sets or programming languages other than bash/python may equally be used.