Viaccess Orca
New in version 1.9.0.
Adding VO DRM
The options for enabling encryption are stored in the server manifest file. For ViaccessOrca encryption a content encryption key (CEK) and key id (KID) are required. You need to provide the following options:
--vodrm.key
The KID and CEK are passed with the --vodrm.key option where KID and CEK
are separated by a colon, e.g. --vodrm.key=KID:CEK
Both KID and CEK must be coded in hex (base16).
--vodrm.drm_specific_data
The DRM specific data. This is the full "pssh" version 1 box. Can either be a Base64 string or a file with the decoded Base64 data. The file name must include a '.'
The box must contain a KID that refers to the previously provided --vodrm.key
option.
Example
#!/bin/bash
KID=000102030405060708090a0b0c0d0e0f
CEK=000102030405060708090a0b0c0d0e0f
mp4spit -o video.ism \
--vodrm.key=$(KID):$(CEK) \
--vodrm.drm_specific_data=pssh.bin \
video.ismv
Adding Viaccess-Orca (Discretix) PlayReady for HLS
This option supports PlayReady HLS using Viaccess-Orca (Discretix).
The webserver adds protection to the HLS audio and video streams on-the-fly with Discretix PlayReady HLS.
USP provides the following options for Viaccess-Orca (Discretix) PlayReady HLS protection:
--dxdrm.key
The 128 bits Key ID (KID) and 128 bits Content Encryption Key (CEK) are passed
with the --dxdrm.key option where KID and CEK are separated by a colon,
e.g. --dxdrm.key=KID:CEK
Both KID and CEK must be coded in hex (base16).
Note
The KID from a PlayReady License server may be formatted as a little-endian GUID. In that case you have to change the endianness as we always use a big-endian UUID representation of the KID.
--dxdrm.key_iv
Specifies the initialization vector (64 bits).
--dxdrm.license_server_url
The URL of the license server(s) used.
The following example creates a VOD server manifest with MP4Split and will embed the key information in the server manifest.
Example for generating a server manifest with Discretix Playready DRM:
mp4split -o discretix.ism \
--dxdrm.key=7C9AA2B68306466F882D75BED922CD25:27eb4cef2afa2afe8fe5d2c374cd60e \
--dxdrm.license_server_url="http://test.playready.microsoft.com/service/rightsmanager.asmx?PlayRight=1&UseSimpleNonPersistentLicense=1" \
video.ismv
Once you generate server manifest file, as seen in the example above, all the key information is embedded in the server manifest.
When a client requests an .m3u8 playlist the webserver module will automatically
insert the proper tag (#EXT-X-DXDRMINFO:KEYREF) and requests for the MPEG-TS
fragments are encrypted on-the-fly.
An example .m3u8 playlist:
#EXTM3U
#EXT-X-VERSION:1
#EXT-X-DXDRM:VERSION=3.0,MECHANISM=PLAYREADY
#EXT-X-DXDRMINFO:KEYREF="x-keyref://playready?KID=tqKafAaDb0aILXW+2SLNJQ==",
HEADER="PABXAFIATQBIAEUAQQBEAEUAUgAgAHgAbQBsAG4AcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEQAUgBNAC8AMgAwADAANwAvADAAMwAvAFAAbABhAHkAUgBlAGEAZAB5AEgAZQBhAGQAZQByACIAIAB2AGUAcgBzAGkAbwBuAD0AIgA0AC4AMAAuADAALgAwACIAPgA8AEQAQQBUAEEAPgA8AFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBFAFkATABFAE4APgAxADYAPAAvAEsARQBZAEwARQBOAD4APABBAEwARwBJAEQAPgBBAEUAUwBDAFQAUgA8AC8AQQBMAEcASQBEAD4APAAvAFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBJAEQAPgB0AHEASwBhAGYAQQBhAEQAYgAwAGEASQBMAFgAVwArADIAUwBMAE4ASgBRAD0APQA8AC8ASwBJAEQAPgA8AEMASABFAEMASwBTAFUATQA+AGEAUABSAEsAaABjAEwAcQBxAGEAQQA9ADwALwBDAEgARQBDAEsAUwBVAE0APgA8AEwAQQBfAFUAUgBMAD4AaAB0AHQAcAA6AC8ALwBwAGwAYQB5AHIAZQBhAGQAeQAuAGQAaQByAGUAYwB0AHQAYQBwAHMALgBuAGUAdAAvAHAAcgAvAHMAdgBjAC8AcgBpAGcAaAB0AHMAbQBhAG4AYQBnAGUAcgAuAGEAcwBtAHgAPwBQAGwAYQB5AFIAaQBnAGgAdAA9ADEAJgBhAG0AcAA7AFUAcwBlAFMAaQBtAHAAbABlAE4AbwBuAFAAZQByAHMAaQBzAHQAZQBuAHQATABpAGMAZQBuAHMAZQA9ADEAPAAvAEwAQQBfAFUAUgBMAD4APAAvAEQAQQBUAEEAPgA8AC8AVwBSAE0ASABFAEEARABFAFIAPgA="
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=319060,CODECS="mp4a.40.2,avc1.66.30",RESOLUTION=304x128
dxdrm-audio=65000-video=236000.m3u8
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=68900,CODECS="mp4a.40.2"
dxdrm-audio=65000.m3u8