The configuration file specifies the following properties. For property names that include
n represents an integer starting with 1 and increasing for each instance of the property.
|Property/Command Line Option||Description|
|The human-readable policy name.|
|If true, an HTTPS Key Server is required for key delivery to iOS. Default is false, if not specified.|
|If true, for devices that support jailbreak detection, do not allow playback if jailbreak has been detected.|
|Set policy criticality. If true, the server must understand all parts of the policy (this is the default behavior). If false, the server may ignore policy attributes it does not understand.|
|policy.chaining.asymmetric.certfile||License server certificate whose public key is used to encrypt the root encryption key for the Enhanced License Chaining This property specifies a file that contains the certificate only (either PEM or DER format is acceptable).|
|Specify root encryption key for the Enhanced License Chaining. If no key is specified, and Enhanced License Chaining is enabled, a random key will be generated. The key must be 16 bytes in length and specified as Hex values. Whitespace between the Hex values is optional. For updates, the command line option is not allowed, and the property is ignored.|
|URL of domain server, if domain registration is required. For updates, the command line option is not allowed, and the property is ignored.|
|Specifies whether anonymous domain registration is allowed. Set the property to true or include this command line option to allow anonymous access. This option cannot be used with -domainAuthNS.|
|The authentication namespace for domain registration. If specified, the client should authenticate with a user name and password issued by the specified authority. For updates, the command line option is not allowed, and the property is ignored. This option cannot be used with -domainAnon.|
|Analog output protection constraints. The following values are supported:
|DRM clients restricted from accessing protected content. This option specifies a list of versions of DRM modules that may not be used (block list). The value consists of comma separated name=value pairs with the following format:
Additional name/value pairs must be comma-separated. For example: os=Win,release=2.0,arch=32.
|Application runtimes restricted from accessing protected content. This option specifies a list of versions of runtime modules that may not be used (block list). The value consists of comma separated name=value pairs with the following format:
Additional name/value pairs must be comma-separated. For example, os=Win,application=AIR.
Specifies device capabilities required to access protected content. The value consists of comma separated name=value pairs with the following format:
For example, nonUserAccessibleBus=false,hardwareRootOfTrust=true. During update, use -devCapabilitiesV1 without the remaining arguments to remove the device capabilities restriction.
Specify how often clients are required to send synchronization messages to the server. If not set, clients will not send synchronization messages when playing content protected with this policy. The value consists of comma separated name=value pairs with the following format:
|policy.useRootLicense||Indicates whether this policy has a root license (see Enhanced License Chaining in Using Adobe Access for Protecting Content).|
|policy.startDate||The date after which content is valid. Use the format yyyy-mm-dd (for example, 2009-01-31 represents January 31 at 12:00 AM) or yyyy-mm-dd-h24:min:sec (for example, 2009-01-31-14:30:00 represents January 31 at 2:30 PM).|
The date before which content is valid. Both policy.expiration.endDate and policy.expiration.duration may not be specified concurrently. Use the format yyyy-mm-dd or yyyy-mm-dd-h24:min:sec (for example, 2009-01-31-14:30:00 represents January 31 at 2:30 PM).
The amount of time the content is valid (in minutes), starting from when it is packaged. Both policy.expiration.endDate and policy.expiration.duration may not be specified at the same time.
Amount of time a license may be cached on the client (in minutes). Set this property to 0 to disallow license caching. The value must be 0 or higher. Both policy.licenseCaching.duration and policy.licenseCaching.endDate may not be used concurrently.
Note: This policy setting is applied only to the license caching on the disk. It doesn't control memory cached license duration. License can be cached on memory even if policy specified duration is zero.
The date after which licenses may not be cached. Both policy.licenseCaching.duration and policy.licenseCaching.endDate may not be used concurrently.
Indicates whether anonymous license acquisition is allowed. The default is "false" (username/password authentication is required) if not specified.
If username/password authentication is required, this property specifies an optional name qualifier for user names.
Custom name/value pairs to be used by the server during license acquisition. Use the following format for specifying properties: policy.customProp.n=name=value
Specifies the playback window (in minutes), which is the duration for which the license is valid after the first time it is used to play protected content.
Output protection constraints. Values must be one of the following:
NO_PROTECTION, USE_IF_AVAILABLE, REQUIRED, NO_PLAYBACK
The DRM module must have the specified minimum security level, or higher, to access protected content.
The application runtime module must have the specified minimum security level, or higher, to access protected content.
A allow list of Adobe AIR or iOS applications allowed to play protected content. The property must use the following format: pubId[:appId[:[min]:[max]]]
A allow list of SWF applications allowed to play protected content. Use the following format:
URL or file=swf_file,time=max_time_to_verify swf_file is the SWF file for which to compute the hash and max_time_to_verify is the maximum time to allow for download and verification of the SWF to complete (in seconds).
Custom name/value pairs to be included in licenses issued to users. Use the following format:
This option can be defined multiple times for multiple custom properties.