DRM Media Packager

Last update: 2023-10-02

Use the Media Packager (AdobePackager.jar) to specify a DRM policy to apply to your content, and to specify which part of the content to encrypt. For example, you can specify that the packager should encrypt the video data, but not the audio data.

Before you run AdobePackager.jar, you must set properties in the Media Packager Properties section of your configuration file.

NOTE

You can also specify all Media Packager properties from the command line.

Media Packager command-line usage

Package one file:

java -jar AdobePackager.jar source dest [options]

  • source - The name of the file that you want to encrypt.

  • dest - The name of the resulting encrypted file.

    If you specify a directory, then the encrypted file is automatically saved in the specified directory with the same file name that you specified as the source file. However, you cannot specify a destination directory that includes the source file.

Package multiple files with the same key (for multi-bit-rate support):

java -jar AdobePackager.jar sourcefiles dest-directory [options]

  • sourcefiles - A series of whitespace-delimited source entries for the files that you want to encrypt.
  • dest-directory - The destination directory where you want to write encrypted content. The encrypted files are automatically saved in this directory using the same file names as the source files. However, the destination directory cannot include any source files.

View information about an encrypted file:

java -jar AdobePackager.jar -d encryptedfile [-e] [-m]

View information about a metadata file:

java -jar AdobePackager.jar -dm <metadatafile> [-e]
  • metadatafile is a .metadata file that includes DRM metadata.

NOTE

During packaging, the Media Packager no longer generates a .header file by default. To generate a .header file, use the -h option during packaging.

Table 3: Options

Command line option

Description

-c configfile

Specifies the name and location of the configuration file.

If you do not specify a name or a location, the DRM Media Packager searches for flashaccesstools.properties in the current working directory.

Note: Options that you specify on the command line take precedence over the options you specify in the configuration file.

-d encryptedfile

Enables you to view information about a file that has already been packaged.

The source and destination files are not required.

-dm metadatafile

Enables you to view information about existing metadata.

The source and destination files are not required.

-e

Extracts DRM policies from a packaged file when you apply this option in conjunction with the -d option.

A file is automatically created in the same directory in which the encrypted file is located with a file name and DRM policy identifier.

-h

Extracts the DRM header from a packaged file when you apply this option in conjunction with the -d option.

A file is automatically created in the same directory in which the encrypted file is located, with the file name and the extension .header.

-i contentID

Specifies a unique identifier for this segment of content.

If you do not specify an identifier, then the destfile file name is automatically applied.

-k key = value

Specifies a custom key/value to add to content metadata.

You can specify multiple -k options.

-m

Extract metadata from a packaged file when you apply this option in conjunction with the -d option.

A file is automatically created in the same directory as the encrypted file with a file name and a .metadata extension.

-noprompt

Do not ask whether the destination file should be overwritten.

If the destination file already exists and -o is not set, then an error occurs.

-o

Overwrites the destination file, if it already exists, without prompting.

-p filename [domain-transport-cert]

Specifies the name of the file that includes the DRM policy.

If the DRM policy requires domain registration with a server that uses a transport certificate other than the one that you have specified in the properties file, then you need to provide the domain transport certificate.

You can specify multiple -p options. The client always applies the first option by default. The values that you specify on the command line take precedence over those that you specify in the configuration file.

Configuration properties

NOTE

For property names that include n, n represents an integer that starts with 1 and increases for each instance of the property.

Property

Description

encrypt.contents.video

Indicates whether to encrypt video content.

encrypt.contents.audio

Indicates whether to encrypt audio.

encrypt.contents.script

Indicates whether to encrypt script data in mp4s.

onMetaData and onXMP script data tags are never encrypted even if you enable this option.

encrypt.contents.video.level

Indicates the video encryption level.

A value of high is used to encrypt all video content, while values of medium and low are used to encrypt portions of the video content for mp4 files that include H.264 content.

value = high | medium | low

encrypt.contents.secondsUnencrypted

If a value is greater than 0, then the specified number of seconds of content at the beginning of the file are not encrypted.

encrypt.keys.asymmetric.certfile

The license server certificate file used to encrypt the key.

The encrypt.keys.asymmetric.certfile property specifies a file that includes the certificate only (either PEM or DER format is acceptable).

encrypt.keys.policyFile.n

This property is used repeatedly to create a list of DRM policies to apply to the content. n represents an integer whose value is 1 or greater. The client uses the first instance by default.

encrypt.license.serverurl

The license server URL.

encrypt.license.servercert

The transport certificate for the license server.

This property specifies a .cer file that includes the certificate only (either PEM or DER format is acceptable).

encrypt.sign.certfile

The PKCS12 file that includes packager credentials for signing content.

The encrypt.sign.certfile needs to refer to a .pfx file that includes a certificate and private key.

encrypt.sign.certpass

The password that protects the file specified by encrypt.sign.certfile.

encrypt.license.minServerVersion

Sets the minimum server version that is required to issue licenses for the content being packaged.

Specify x (for Primetime DRM x.0) where x represents a major release number. Any versions of servers that precede Adobe Primetime version 3.0 do not support this setting.

encrypt.keys.policyFile.n.domain.transportcert

If a DRM policy encrypt.keys.policyFile.n requires domain registration with a server that uses a transport certificate other than the one that you have specified in encrypt.license.servercert, then you need to provide the domain transport certificate.

This property specifies a file that includes the certificate only (either PEM or DER format is acceptable).

encrypt.keys.licenseKey

Specifies a license key.

If you do not specify a key, then the key is randomly generated. When key rotation is not enabled, this key is used to encrypt content.

When you enable key rotation, you can use this key to protect the rotation keys. The key must be 16 bytes in length and be specified as Hex values. Whitespace between the Hex values is optional.

encrypt.keys.rotation.enable

Specifies whether key rotation is enabled.

If set to false, which is the default setting, then key rotation is disabled and the master CEK is used to encrypt all samples in the content.

If set to true, key rotation is enabled and different keys can be used to encrypt segments of any content.

encrypt.keys.rotation.key.n

Sequence of rotated keys that you can specify to encrypt content when key rotation is enabled.

If you do not specify any keys, then keys are randomly generated. The keys must be 16 bytes in length and specified as Hex values.

Whitespace between the Hex values is optional. n must be monotonically increasing, starting from 1. When you specify multiple keys, then keys are cycled through in the order that you indicated.

encrypt.keys.rotation.interval

Specifies the interval of time in seconds during which you can apply a rotation key to encrypt content samples.

After the interval has elapsed, the next rotation key is applied. If you have enabled key rotation but have not specified an interval, then the keys are automatically rotated every 15 minutes.

encrypt.license.serverless

If this option is set to true, then a license server from which licenses can be obtained is not available.

Licenses must be embedded or obtained out-of-band. The default value is set to false unless you specify a different value. This option is only supported in Primetime DRM Professional.
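
The following is an added example, not Adobe's code: a pre-packaging check that reads a configuration file and reports key-format errors (16 bytes as hex, optional whitespace, rotation keys numbered from 1) and settings that leave part of the content unencrypted. The simplified key=value parser, the wording of the findings, and treating a gap in n as an error are assumptions of this example; the sample keys are constructed.

```python
import re
# Constructed sample config; every key value below is made up for illustration.
SAMPLE = """\
encrypt.contents.audio=false
encrypt.contents.video.level=medium
encrypt.contents.secondsUnencrypted=30
encrypt.keys.licenseKey=00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff
encrypt.keys.rotation.enable=true
encrypt.keys.rotation.key.1=000102030405060708090a0b0c0d0e0f
encrypt.keys.rotation.key.3=0102
"""

def parse_properties(text):
    """Minimal key=value parser; skips comments, no escapes or continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props

def is_16_byte_hex(value):
    """16 bytes as hex digits; whitespace between the hex values is optional."""
    return re.fullmatch(r"[0-9A-Fa-f]{32}", re.sub(r"\s+", "", value)) is not None

def audit(props):
    """Return a list of findings (hypothetical wording) for one configuration."""
    out = []
    key = props.get("encrypt.keys.licenseKey")
    if key is not None and not is_16_byte_hex(key):
        out.append("licenseKey is not 16 hex bytes")
    prefix = "encrypt.keys.rotation.key."
    rot = {int(k[len(prefix):]): v for k, v in props.items()
           if k.startswith(prefix) and k[len(prefix):].isdigit()}
    if rot and props.get("encrypt.keys.rotation.enable", "false").lower() != "true":
        out.append("rotation keys are set but key rotation is disabled")
    if rot and sorted(rot) != list(range(1, len(rot) + 1)):
        out.append("rotation key numbers must run 1..N (assumed: no gaps)")
    out += [f"rotation.key.{n} is not 16 hex bytes"
            for n, v in sorted(rot.items()) if not is_16_byte_hex(v)]
    if props.get("encrypt.contents.audio", "").lower() == "false":
        out.append("audio is left unencrypted")
    level = props.get("encrypt.contents.video.level", "").lower()
    if level in ("medium", "low"):  # only flagged when set explicitly
        out.append(f"video is only partially encrypted (level={level})")
    if float(props.get("encrypt.contents.secondsUnencrypted", "0")) > 0:
        out.append("leading seconds of content are left unencrypted")
    return out
```

Calling audit(parse_properties(SAMPLE)) returns five findings for the constructed sample: the numbering gap, the short rotation key, and the three coverage settings.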
