Configuration properties

NOTE

For property names that include .n, the n represents an integer that starts with 1 and increases for each instance of the property. For example: policy.license.customProp.n.

Property/Command Line Option Description
policy.name

-n policyname

The human-readable DRM policy name.
policy.requireKeyServer

-keyServer boolean

The following conditions apply:
  • If true, an HTTPS Key Server is required for key delivery to iOS.
  • If not specified, the default is false.
policy.enforceJailbreak

-enforceJailbreak boolean

For devices that support jailbreak detection, if true, do not allow playback when jailbreak is detected.
policy.critical

-critical boolean

Sets the criticality of the DRM policy:
  • If true, the server must understand all parts of the DRM policy, which represents default behavior.
  • If false, the server can ignore DRM policy attributes that it does not recognize.
policy.chaining.asymmetric.certfile License server certificate whose public key is used to encrypt the root encryption key for the Enhanced License Chaining. This property specifies a file that only includes the certificate.

Note: Both PEM or DER formats are supported.

policy.chaining.rootKey

-rootKey root-key

Specifies the root encryption key for the Enhanced License Chaining. If no key is specified and Enhanced License Chaining is enabled, a random key is automatically generated.

The key must be 16 bytes long and specified as hex values. Whitespace between the hex values is optional. For updates, the command-line option is not available, and the property is ignored.

policy.domain.url

-domainURL url

If domain registration is required, url specifies the URL of a domain server. For updates, the command-line option is not available, and the property is ignored.
policy.domain.anonymous

-domainAnon

Specifies whether anonymous domain registration is allowed. Sets the property to true or includes this command-line option to allow anonymous access.

Note: This option cannot be used with -domainAuthNS.

policy.domain.authNamespace

-domainAuthNS namespace

The authentication namespace for domain registration. If specified, the client needs to authenticate with a user name and password that were issued by the specified authority.

For updates, the command-line option is not available, and the property is ignored.

Note: This option cannot be used with -domainAnon.

policy.outputProtection.analog

-opAnalog AnalogOption

Analog output protection constraints, and the following values are supported:
  • NO_PROTECTION
  • USE_IF_AVAILABLE
  • USE_IF_AVAILABLE_ACP
  • USE_IF_AVAILABLE_CGMSA
  • REQUIRED
  • REQUIRED_ACP
  • REQUIRED_CGMSA
  • NO_PLAYBACK
policy.drmVersionBlacklist.n

-drmBlacklist name/value-pairs

DRM clients that are restricted from accessing protected content. This option specifies a list of versions of DRM modules that may not be used (block list).

The value consists of comma separated name=value pairs in the following format:

os|release|arch|model|vendor|env|screen=value

Additional name/value pairs must be comma-separated. For example, os=Win,release=2.0,arch=32.

policy.runtimeVersionBlacklist.n

-runtimeBlacklsit name/value-pairs

Application runtimes are restricted from accessing protected content. This option specifies a list of versions of runtime modules that may not be used (block list).

The value consists of comma-separated name=value pairs in the following format:

os|release|application|arch|model|vendor|env|screen=value

Additional name/value pairs must be comma-separated. For example, os=Win,application=AIR.

policy.v1DeviceCapabilities

-devCapabilitiesV1 name/value-pairs

Specifies the device capabilities that are required to access protected content. The value consists of comma separated name=value pairs in the following format:

nonUserAccessibleBus|hardwareRootOfTrust=true|false

For example, nonUserAccessibleBus=false,hardwareRootOfTrust=true.

During an update, you need to apply -devCapabilitiesV1 without the remaining arguments that remove the device capabilities restriction.

policy.syncFrequency

-sync name/value-pairs

Specifies how often clients are required to send synchronization messages to the server.

If the property is not set, clients will not send synchronization messages when they play content that is protected with a DRM policy. The value consists of comma-separated name=value pairs in the following format:

start|force=numberValue

The following list provides additional information about the options:

  • (required) start specifies that the client needs to start synchronizing with the server in the specified minutes since the last synchronization.
  • (optional) force is the probability (0-100) with which the client needs to force a synchronization message during playback.
During update, use -sync without the remaining arguments to remove the synchronization requirements.

policy.useRootLicense Indicates whether this DRM policy has a root license.

For more information, see Enhanced License Chaining.

policy.startDate The date after which content becomes valid. You can apply one of the following formats:
  • yyyy-mm-dd

    For example, 2009-01-31 means January 31 at 12:00 AM.

  • yyyy-mm-dd-h24:min:sec

    For example, 2009-01-31-14:30:00 means January 31 at 2:30 PM.

policy.expiration.endDate

The date before content becomes invalid.

Note: You cannot specify policy.expiration.endDate and policy.expiration.duration concurrently.

For example, 2009-01-31-14:30:00 means that the content will expire on January 31 at 2:30 PM.

policy.expiration.duration

The time in minutes when the content becomes invalid. The time starts when you package content.

Note: You cannot specify policy.expiration.endDate and policy.expiration.duration concurrently.

policy.licenseCaching.duration

The time in minutes when a license can be cached on the client. You can set this property to 0 to prevent license caching. The value must be 0 or higher.

Note: You cannot specify policy.licenseCaching.duration and policy.licenseCaching.endDate concurrently.

This DRM policy setting is applied only to the license caching on the disk and does not control memory-cached license duration. The license can be cached in memory even if you do not specify a DRM policy with a duration of zero.

policy.licenseCaching.endDate

The date after which you can no longer cache licenses.

Note: You cannot specify policy.licenseCaching.duration and policy.licenseCaching.endDate concurrently.

policy.anonymous

Indicates whether anonymous license acquisition is allowed. The default is set to false, which means that a username and password is required.

policy.authNamespace

If a username and password is required, this property specifies an optional name qualifier for user names.

policy.customProp.n

Custom name/value pairs to be used by the server during license acquisition. You can apply the following format to specify properties: policy.customProp.n=name=value

policy.playbackWindow

Specifies the playback window in minutes. This value represents how long the license is valid after the first time that protected content is played.

policy.outputProtection.digital

Output protection constraints, which must be one of the following values:

  • NO_PROTECTION
  • USE_IF_AVAILABLE
  • REQUIRED
  • NO_PLAYBACK

policy.outputProtection.ota Specifies the over the air (OTA) connection types that should be allow listed. Valid connection types include:
  • MIRACAST
  • AIRPLAY
  • DLNA
  • WIDI
policy.outputProtection.resolution Specifies the configuration file in which the resolution-based constraints are defined.
policy.drmMinSecurityLevel

Specifies the minimum security level to allow the DRM module to access protected content.

policy.runtimeMinSecurityLevel

The application runtime module must have at least the specified minimum security level to access protected content.

policy.allowedAIRApplication.n

A allow list of non-Flash applications (Adobe AIR, iOS, Android, etc.) that are allowed to play protected content. The property must use the following format: pubId[:appId[:[min]:[max]]]

policy.allowedSWFApplication.n

A allow list of SWF applications that are allowed to play protected content. The property must use the following format:

  • URL
  • file=swf_file
  • time=max_time_to_verify
swf_file is the SWF file that is used to compute the hash, and max_time_to_verify is the maximum time in seconds that is allowed for downloading and verifying the SWF to complete.

policy.license.customProp.n

Custom name/value pairs that you must include in licenses when the licenses are issued to users. You need to specify the following format:

policy.license.customProp.n=name

You can define this option multiple times for multiple custom properties.

On this page