Using External CEK to Vend and Package Licenses

Use the External CEK feature to vend and package licenses using your existing CKMS.

EncryptContentWithExternalKey.java

This is a command line tool that will AAXS-encrypt a video and create metadata that will not contain the CEK (protected with an AAXS license server’s public cert). Instead, the tool embeds a CEK ID into the video’s metadata.

During license acquisition, the AAXS license server observes a flag in the metadata identifying that this content was protected using an External CEK. The license server will extract the CEK ID from the metadata and then query a secure repository/CKMS to retrieve the appropriate CEK.

Packaging Workflow

1. Ensure you are using Java 1.6.0_24 or later.

2. To see the tool usage: java -jar AdobePackager_ExternalCEK.jar

3. To package content:

   java -jar AdobePackager_ExternalCEK.jar sample.flv encrypted.flv abc abcdef0123456789
       policy.pol https://path-to-your-server:8090 <license-server-public-cert.pem>
       <license-server-private-key.pfx> <private-key-password>
   

Server Workflow

1. Set up the Reference Implementation.

2. If any exist, clean up previous Reference Implementation deployments:

   1. delete <tomcat>\work\Catalina\*.*
   2. delete <tomcat>\conf\Catalina\*.*
   3. delete <tomcat>\logs\*.*

3. Verify that there is a CEKDepot.properties file alongside your flashaccess-refimpl.properties

4. Initiate a license request from an Adobe Primetime Player

5. Observe Ref Impl logs for something similar to:

   DEBUG [com.adobe.flashaccess.refimpl.web.RefImplLicenseReqHandler.REQUESTS]
     Used CEK ID:{abc} to retrieve CEK: {abcdef0123456789} from depot
   

   1. You may have to change your log4j.xml settings to log at a DEBUG level ( INFO is set by default)

Known Issues

None

Business.Adobe.com resources

Recommendation Engine Content Insights Content Management Mobile Analytics Cohort Analysis Analytics