- DRM Overview
- Certificate Enrollment Guide
- Adobe Primetime DRM SDK 5.3.1
- DRM Quick-Start Guide
- Adobe Primetime Cloud DRM Quick-Start Guide
- What is included with Primetime Cloud DRM
- What is NOT supported by Primetime Cloud DRM
- Prerequisites
- Packaging options
- Test the packaged content
- Triaging errors
- Custom authentication/entitlement
- Adobe Primetime authentication (Optional)
- Creating custom DRM policies (Optional)
- Update existing DRM content to use Cloud DRM (Optional)
- Streaming to Xbox360 (Optional)
- Using the Adobe Primetime DRM Key Server
- Adobe Primetime DRM Secure Deployment Guidelines
- Multi-DRM Workflows
- Multi-DRM Workflows
- Primetime DRM Cloud Quick-start
- Workflows: Package, License, and Play
- Multi-DRM Workflow for FairPlay
- Multi-DRM Workflow for Widevine and PlayReady
- Package your content with Bento4
- Package your content with Adobe Offline Packager
- Using Output Protection Policies
- Client Key Request workflow overview
- Expressplay tokens
- Key request workflow on Android PSDK
- Key request workflow on HTML5 TVSDK
- Device Binding
- Generic Workflows
- Feature Topics
- ExpressPlay license token request / response reference
- Migrating from Access to Multi-DRM
- Glossary
- Adobe Primetime DRM On Premises Individualization Server Guide
- Primetime DRM Server for Protected Streaming 5.3.1
- About Adobe Primetime DRM Server for Protected Streaming
- About usage rules
- Requirements
- Understanding Deployment
- Deploying the Adobe Primetime DRM Server for Protected Streaming
- Java system properties
- About Adobe Primetime DRM credentials
- HSM configuration
- Setting up the License server configuration files
- Crossdomain DRM policy file
- Custom authorization extensions
- Performance tuning
- Upgrading the Adobe Primetime DRM Server for Protected Streaming
- Running the DRM Server for Protected Streaming
- Packaging content
- DRM Server for Protected Streaming utilities
- Using the Adobe Primetime DRM SDK for Protecting Content - 5.3.1
- What is new in Adobe Primetime DRM
- Usage rules and Authentication
- Runtime and application restrictions
- Allow list for Primetime DRM applications allowed to play protected content…
- Allow list for Adobe® Flash® Player SWFs
- Block list of DRM Clients restricted from accessing protected content
- Block list of application runtimes
- Minimum security level for DRM and runtimes
- Device capabilities required to play protected content
- Jailbreak enforcement (requires Adobe Primetime DRM)
- Other DRM policy options
- Device Group Domain Registration
- Output protection controls
- Packaging Options
- Setting up the SDK
- Work with DRM policies
- Package media files
- Pre-generating and embedding licenses
- Implement a License Server
- Overview
- License Server deployment options
- Process Adobe Primetime DRM requests
- Handle Get Server Version requests
- Handle Domain Registration requests
- Handle Domain De-Registration requests
- Handle License Return requests
- Handle authentication requests
- Handle license requests
- License chaining
- Handle synchronization requests
- Handle FMRMS compatibility
- Handling certificate updates when Adobe-issued certificates expire
- Performance tuning
- Revoke client credentials
- Create video players
- Resolution-Based Output Protection 5.3.1
- Adobe Primetime DRM Reference Implementations 5.3.1
- About the reference implementations
- Typical workflow
- Command-line tools
- Configure and run the command-line tools
- DRM Media Packager
- DRM Policy Update List Manager
- DRM Revocation List Manager
- DRM License Generator
- DRM License Embedder
- AIR Publisher ID utility
- License server
- Configuration
- Deploy the license server
- Troubleshooting
- Check whether the license server started properly
- Determining if Reference Implementation License Server runs properly
- Implementing the usage models
- Domain registration
- Migrate from FMRMS 1.0 or 1.5 to Adobe Primetime DRM 2.0 or later
- Upgrade existing deployments
- Adobe Primetime TVSDK-DRM Workflow
- TVSDK-DRM client-side workflow overview
- Primetime DRM content protection options
- Primetime DRM on the client
- Primetime DRM license server
- License acquisition process overview
- License acquisition process details
- Pre-loading licenses for offline playback
- Using the DRMStatusEvent class
- Using the DRMAuthenticateEvent class
- Using the DRMErrorEvent class
- Using the DRMManager class
- Using the DRMContentData class
- Out-of-band licenses
- Device domain support
- License preview
- Delivering content
- DRM Client Error Message Reference
- Using Adobe Access DRM With an External Key Management System
- Use the Adobe Access Server for Protected Streaming
- About Adobe Access Server for Protected Streaming
- Usage rules
- Requirements
- Deploying the Adobe Access Server for Protected Streaming
- License server configuration files
- Crossdomain policy file
- Custom authorization extensions
- Performance tuning
- Upgrading the Adobe Access Server for Protected Streaming
- Updating configuration files
- Packaging content
- Adobe Access Server for Protected Streaming utilities
- Adobe Access Secure Deployment Guidelines
- Introduction to Network Topology
- Vendor-specific security information
- Physical security and access
- Packaging and protecting content
- Protect and issue licenses
- Consuming locally generated CRLs
- Consuming CRLs published by Adobe
- Generating CRLs to supplement those published by Adobe
- Rollback detection
- Machine count when issuing licenses
- Replay protection
- Maintain an allow list of trusted content packagers
- Timeout for authentication tokens
- Overriding policy options
- Pre-generating licenses
- Managing Domains
- An Overview of Adobe Access SDK
- Using the Adobe Access SDK for Protecting Content
- Introduction
- User authentication
- Time-based rules
- Runtime and application restrictions
- Allow list for Adobe® Primetime applications allowed to play protected content
- Allow list for Adobe® Flash® Player SWFs allowed to play protected content
- Block list of DRM Clients restricted from accessing protected content
- Block list of application runtimes restricted from accessing protected content
- Minimum security level for DRM and runtimes
- Device capabilities required to play protected content
- Jailbreak Enforcement (requires Adobe Primetime)
- Other policy options
- Output protection controls
- Packaging Options
- Setting up the SDK
- Working with policies
- Packaging media files
- Pre-generating and embedding licenses
- Implementing the License Server
- Processing Adobe Access requests
- Processing Adobe Access requests
- Using machine identifiers
- User authentication
- Replay protection
- Rollback detection
- Global server configuration data
- Crossdomain policy file
- Handling Get Server Version requests
- Handling Domain Registration requests
- Handling Domain De-Registration requests
- Handling License Return requests
- Handling authentication requests
- Handling license requests
- Handling license requests
- Generating licenses
- License chaining
- Enhanced License Chaining
- Issuing Domain-bound licenses
- Issuing licenses for remote key delivery to iOS clients (requires Adobe Primetime)
- Minimum Client Version
- License preview
- Identity-based licenses
- Revoking client credentials
- Creating video players
- Adobe Access Reference Implementations
- Overview - Using the reference implementations
- Command line tools for packaging content and creating revocations lists
- Policy Manager
- Media Packager
- Policy Update List Manager
- Revocation List Manager
- AIR Publisher ID utility
- License Generator
- License Embedder
- License server and watched folder packager
- License server and watched folder packager overview
- Requirements
- Building the license server
- Configuration
- Server properties files
- Preparing passwords for the Server properties files
- License server properties file
- Packager properties file
- Watched folder properties
- Setting up the database and configuring the JNDI datasource
- HSM configuration
- Crossdomain policy file
- Deploying the license server and watched folder packager
- Determining if Reference Implementation License Server is running properly
- Implementing the usage models
- Implementing domain registration
- Migrating from FMRMS 1.0 or 1.5 to Adobe Access 2.0 and above
- Upgrading existing deployments
- Set up a domain server
- Flash Access Manager AIR application usage
DRM Media Packager
Use the Media Packager ( AdobePackager.jar) to specify a DRM policy to apply to your content, and to specify which part of the content to encrypt. For example, you can specify that the packager should encrypt the video data, but not the audio data.
Before you run AdobePackager.jar, you must set properties in the Media Packager Properties section of your configuration file.
You can also specify all Media Packager properties from the command line.
Media Packager command-line usage
Package one file:
java -jar AdobePackager.jar
<i class="+ topic ph hi-d="" i "="">
source
<i class="+ topic ph hi-d="" i "="">
dest [
<i class="+ topic ph hi-d="" i "="">
options]
</i class="+ topic>
</i class="+ topic>
</i class="+ topic>
-
source- The name of the file that you want to encrypt. -
dest- The name of the resulting encrypted file.If you specify a directory, then the encrypted file is automatically saved in the specified directory with the same file name that you specified as the source file. However, you cannot specify a destination directory that includes the source file.
Package multiple files with the same key (for multi-bit-rate support):
java -jar AdobePackager.jar
<i class="+ topic ph hi-d="" i "="">
sourcefiles
<i class="+ topic ph hi-d="" i "="">
dest-directory [
<i class="+ topic ph hi-d="" i "="">
options]
</i class="+ topic>
</i class="+ topic>
</i class="+ topic>
sourcefiles- A series of whitespace-delimited source entries for the files that you want to encrypt.dest-directory- The destination directory where you want to write encrypted content. The encrypted files are automatically saved in this directory using the same file names as the source files. However, the destination directory cannot include any source files.
View information about an encrypted file:
java -jar AdobePackager.jar -d
<i class="+ topic ph hi-d="" i "="">
encryptedfile [-e] [-m]
</i class="+ topic>
View information about a metadata file:
java -jar AdobePackager.jar -dm <metadatafile> [-e]
metadatafileis a .metadata file that includes DRM metadata.
During packaging, the Media Packager can no longer generate a .header file by default. To generate a .header file, use the -h option during packaging.
Table 3: Options
| Command line option |
Description |
|---|---|
| -c configfile |
Specifies the name and location of the configuration file. If you do not specify a name or a location, the DRM Media Packager searches for flashaccesstools.properties in the current working directory. Note: Options that you specify on the command line take precedence over the options you specify in the configuration file. |
| -d encryptedfile |
Enables you to view information about a file that has already been packaged. The source and destination files are not required. |
| -dm metadatafile |
Enables you to view information about existing metadata. The source and destination files are not required. |
| -e |
Extracts DRM policies from a packaged file when you apply this option in conjunction with the -d option. A file is automatically created in the same directory in which the encrypted file is located with a file name and DRM policy identifier. |
| -h |
Extracts the DRM header from a packaged file when you apply this option in conjunction with the -d option. A file is automatically created in the same directory in which the encrypted file, is located with the file name and the extension .header . |
| -i contentID |
Specifies a unique identifier for this segment of content. If you do not specify an identifier, then the destfile file name is automatically applied. |
| -k key = value |
Specifies a custom key/value to add to content metadata. You can specify multiple -k options. |
| -m |
Extract metadata from a packaged file when you apply this option in conjunction with the -d option. A file is automatically created in the same directory as the encrypted file with a file name and a .metadata extension. |
| -noprompt |
Do not ask whether the destination file should be overwritten. If the destination file already exists and -o is not set, then an error occurs. |
| -o |
Overwrites the destination file without you being prompted unless it already exists. |
| -p filename [domain-transport-cert] |
Specifies the name of the file that includes the DRM policy. If the DRM policy requires domain registration with a server that uses a transport certificate other than the one that you have specified in the properties file, then you need to provide the domain transport certificate. You can specify multiple -p options. The client always applies the first option by default. The values that you have specified on the command line takes precedence over those that you have specified in the configuration file. |
Configuration properties
For property names that include* n*, n represents an integer that starts with 1 and increases for each instance of the property.
| Property |
Description |
|---|---|
| encrypt.contents.video | Indicates whether to encrypt video content. |
| encrypt.contents.audio | Indicates whether to encrypt audio. |
| encrypt.contents.script | Indicates whether to encrypt script data in mp4s. onMetaData and onXMP script data tags are never encrypted even if you enable this option. |
| encrypt.contents.video.level | Indicates the video encryption level. A value of high is used to encrypt all video content, while values of medium and low are used to encrypt portions of the video content for mp4 files that include H.264 content. value = high | medium | low |
| encrypt.contents.secondsUnencrypted | If a value is greater than 0, then the specified number of seconds of content at the beginning of the file are not encrypted. |
| encrypt.keys.asymmetric.certfile | The license server certificate file used to encrypt the key. The encrypt.keys.asymmetric.certfile property specifies a file that includes the certificate only (either PEM or DER format is acceptable). |
| encrypt.keys.policyFile.n | This property is used repeatedly to create a list of DRM policies to apply to the content. n represents an integer whose value is 1 or greater. The client uses the first instance by default. |
| encrypt.license.serverurl | The license server URL |
| encrypt.license.servercert | The transport certificate for the license server. This property specifies a .cer file that includes the certificate only (either PEM or DER format is acceptable). |
| encrypt.sign.certfile | The PKCS12 file that includes packager credentials for signing content. The encrypt.sign.certfile needs to refer to a .pfx file that includes a certificate and private key. |
| encrypt.sign.certpass | The password that you can apply to protect the file which has been specified by encrypt.sign.certfile. |
| encrypt.license.minServerVersion | Sets the minimum server version that is required to issue licenses for the content being packaged. Specify x (for Primetime DRM x.0) where x represents a major release number. Any versions of servers that precede Adobe Primetime version 3.0 do not support this setting. |
| encrypt.keys.policyFile.n .domain.transportcert | If a DRM policy encrypt.keys.policyFile.n requires domain registration with a server that supports a transport certificate other than the one that you have specified in encrypt.license.servercert, then you need to provide the domain transport certificate needs. This property specifies a file that includes the certificate only (either PEM or DER format is acceptable). |
| encrypt.keys.licenseKey | Specifies a license key. If you do not specify a key, then the key is randomly generated. When you do not enable key rotation, then you can use this key to encrypt content. When you enable key rotation, you can use this key to protect the rotation keys. The key must be 16 bytes in length and be specified as Hex values. Whitespace between the Hex values is optional. |
| encrypt.keys.rotation.enable | Specifies whether key rotation is enabled. If set to false, which is the default setting, then key rotation is disabled and the master CEK is used to encrypt all samples in the content. If set to true, key rotation is enabled and different keys can be used to encrypt segments of any content. |
| encrypt.keys.rotation.key.n | Sequence of rotated keys that you can specify to encrypt content when key rotation is enabled. If you do not specify any keys, then keys are randomly generated. The keys must be 16 bytes in length and specified as Hex values. Whitespace between the Hex values is optional. n must be monotonically increasing, starting from 1. When you specify multiple keys, then keys are cycled through in the order that you indicated. |
| encrypt.keys.rotation.interval | Specifies the interval of time in seconds during which you can apply a rotation key to encrypt content samples. After the interval of time has elapsed in which the content has been encrypted, then the next rotation key is then applied. If you have enabled key rotation but have not specified any interval of time, then the keys are automatically rotated every 15 minutes. |
| encrypt.license.serverless | If this option is set to true, then a license server from which licenses can be obtained is not available. Licenses must be embedded or obtained out-of-band. The default value is set to false unless you specify a different value. This option is only supported in Primetime DRM Professional. |
Resources
Adobe Account
