Frequently-used terms that require special definition.

Content Encryption Key

The content encryption key (CEK), generated by a utility, is subsequently used by a content packager in preparing content that must be protected.
The utility generates the key in hex with a length of 16 bytes.
This guide shows, in notes and error message, file, and command samples, the following variants of parameter names and value names for the CEK:

  • content key
  • &contentKey=
  • ?cek=
  • <CEK>

Filenames for a CEK are shown as:

  • keyfile.bin
  • creds/fairplaybin
  • Jaigo_DASH/_info/key.B64.random

The CEK itself can be stored in a key management system as well as encrypted. This guide refers to the storage index as the CEK Storage ID CEKSID. The term Key Encryption Key (KEK) refers to the second-level encryption key, and the term ek refers to the value of that encryption.
Some calls use both the CEK and the CEK Storage ID CEKSID, and the CEK retrieved from storage must match the CEK provided in the call.
For HLS Offline with FairPlay, there is also a persistentContentKey which can be set to expire.

Content Encryption Key Storage ID

The Content Encryption Key Storage ID (CEKSID) is an ID for retrieving a Content Encryption Key from a key management system.

The CEKSID is also referred to as

  • Key ID
  • Content ID
  • &kid

Customer authenticator

A key for authentication in requests to the API of Expressplay. Requests can include requests for tokens.

On this page