Configuration file properties

The configuration file specifies the following properties. For property names that include n, n represents an integer starting with 1 and increasing for each instance of the property.

Property/Command Line Option Description
policy.name

-n policyname

The human-readable policy name.
policy.requireKeyServer

-keyServer boolean

If true, an HTTPS Key Server is required for key delivery to iOS. Default is false, if not specified.
policy.enforceJailbreak

-enforceJailbreak boolean

If true, for devices that support jailbreak detection, do not allow playback if jailbreak has been detected.
policy.critical

-critical boolean

Set policy criticality. If true, the server must understand all parts of the policy (this is the default behavior). If false, the server may ignore policy attributes it does not understand.
policy.chaining.asymmetric.certfile License server certificate whose public key is used to encrypt the root encryption key for the Enhanced License Chaining This property specifies a file that contains the certificate only (either PEM or DER format is acceptable).
policy.chaining.rootKey

-rootKey root-key

Specify root encryption key for the Enhanced License Chaining. If no key is specified, and Enhanced License Chaining is enabled, a random key will be generated. The key must be 16 bytes in length and specified as Hex values. Whitespace between the Hex values is optional. For updates, the command line option is not allowed, and the property is ignored.
policy.domain.url

-domainURL url

URL of domain server, if domain registration is required. For updates, the command line option is not allowed, and the property is ignored.
policy.domain.anonymous

-domainAnon

Specifies whether anonymous domain registration is allowed. Set the property to true or include this command line option to allow anonymous access. This option cannot be used with -domainAuthNS.
policy.domain.authNamespace

-domainAuthNS namespace

The authentication namespace for domain registration. If specified, the client should authenticate with a user name and password issued by the specified authority. For updates, the command line option is not allowed, and the property is ignored. This option cannot be used with -domainAnon.
policy.outputProtection.analog

-opAnalog AnalogOption

Analog output protection constraints. The following values are supported:
  • NO_PROTECTION

  • USE_IF_AVAILABLE

  • USE_IF_AVAILABLE_ACP

  • USE_IF_AVAILABLE_CGMSA

  • REQUIRED

  • REQUIRED_ACP

  • REQUIRED_CGMSA

  • NO_PLAYBACK

policy.drmVersionBlacklist.n

-drmBlacklist name/value-pairs

DRM clients restricted from accessing protected content. This option specifies a list of versions of DRM modules that may not be used (block list). The value consists of comma separated name=value pairs with the following format:

os|release|arch|model|vendor|env|screen=value

Additional name/value pairs must be comma-separated. For example: os=Win,release=2.0,arch=32.

policy.runtimeVersionBlacklist.n

-runtimeBlacklsit name/value-pairs

Application runtimes restricted from accessing protected content. This option specifies a list of versions of runtime modules that may not be used (block list). The value consists of comma separated name=value pairs with the following format:

os|release|application|arch|model|vendor|env|screen=value

Additional name/value pairs must be comma-separated. For example, os=Win,application=AIR.

policy.v1DeviceCapabilities

-devCapabilitiesV1 name/value-pairs

Specifies device capabilities required to access protected content. The value consists of comma separated name=value pairs with the following format:

nonUserAccessibleBus|hardwareRootOfTrust=true|false

For example, nonUserAccessibleBus=false,hardwareRootOfTrust=true. During update, use -devCapabilitiesV1 without the remaining arguments to remove the device capabilities restriction.

policy.syncFrequency

-sync name/value-pairs

Specify how often clients are required to send synchronization messages to the server. If not set, clients will not send synchronization messages when playing content protected with this policy. The value consists of comma separated name=value pairs with the following format:

start|force|hardStop=numberValue

  • start (required) - Start interval specifies the client should start synchronizing with the server this many minutes since the last synchronization.
  • force (optional) - Force synchronization probability is the probability (0-100) with which the client should force a synchronization message during playback.
  • hardStop (optional) - Hard stop interval is the time in minutes after which the client will fail playback if unable to synchronize. If set, must be greater than start interval.
During update, use -sync without the remaining arguments to remove the synchronization requirements.

policy.useRootLicense Indicates whether this policy has a root license (see Enhanced License Chaining in Using Adobe Access for Protecting Content).
policy.startDate The date after which content is valid. Use the format yyyy-mm-dd (for example, 2009-01-31 represents January 31 at 12:00 AM) or yyyy-mm-dd-h24:min:sec (for example, 2009-01-31-14:30:00 represents January 31 at 2:30 PM).
policy.expiration.endDate

The date before which content is valid. Both policy.expiration.endDate and policy.expiration.duration may not be specified concurrently. Use the format yyyy-mm-dd or yyyy-mm-dd-h24:min:sec (for example, 2009-01-31-14:30:00 represents January 31 at 2:30 PM).

policy.expiration.duration

The amount of time the content is valid (in minutes), starting from when it is packaged. Both policy.expiration.endDate and policy.expiration.duration may not be specified at the same time.

policy.licenseCaching.duration

Amount of time a license may be cached on the client (in minutes). Set this property to 0 to disallow license caching. The value must be 0 or higher. Both policy.licenseCaching.duration and policy.licenseCaching.endDate may not be used concurrently.

Note: This policy setting is applied only to the license caching on the disk. It doesn't control memory cached license duration. License can be cached on memory even if policy specified duration is zero.

policy.licenseCaching.endDate

The date after which licenses may not be cached. Both policy.licenseCaching.duration and policy.licenseCaching.endDate may not be used concurrently.

policy.anonymous

Indicates whether anonymous license acquisition is allowed. The default is "false" (username/password authentication is required) if not specified.

policy.authNamespace

If username/password authentication is required, this property specifies an optional name qualifier for user names.

policy.customProp.n

Custom name/value pairs to be used by the server during license acquisition. Use the following format for specifying properties: policy.customProp.n=name=value

policy.playbackWindow

Specifies the playback window (in minutes), which is the duration for which the license is valid after the first time it is used to play protected content.

policy.outputProtection.digital

Output protection constraints. Values must be one of the following:

NO_PROTECTION, USE_IF_AVAILABLE, REQUIRED, NO_PLAYBACK

policy.drmMinSecurityLevel

The DRM module must have the specified minimum security level, or higher, to access protected content.

policy.runtimeMinSecurityLevel

The application runtime module must have the specified minimum security level, or higher, to access protected content.

policy.allowedAIRApplication.n

A allow list of Adobe AIR or iOS applications allowed to play protected content. The property must use the following format: pubId[:appId[:[min]:[max]]]

policy.allowedSWFApplication.n

A allow list of SWF applications allowed to play protected content. Use the following format:

URL or file=swf_file,time=max_time_to_verify swf_file is the SWF file for which to compute the hash and max_time_to_verify is the maximum time to allow for download and verification of the SWF to complete (in seconds).

policy.license.customProp.n

Custom name/value pairs to be included in licenses issued to users. Use the following format:

policy.license.customProp.n=name=value

This option can be defined multiple times for multiple custom properties.

On this page

Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now