HLS Encryption
Bitmovin supports HLS encryption with AES-128 and SAMPLE-AES now. Bitmovin already supports DRM for MPEG-DASH with Widevine Modular and Microsoft PlayReady. The next logical step was to support encryption for HLS with AES-128 and SAMPLE-AES as well.
How to Encrypt your HLS Content
![apple_hls_640[1]](https://b3148424.smushcdn.com/3148424/wp-content/uploads/2015/08/apple_hls_6401.jpg?lossy=2&strip=1&webp=1)
The easiest way to encrypt your HLS content using AES-128 or SAMPLE-AES is to start with one of our API clients. Currently, encryption is only supported through the API and examples are only implemented for the PHP and Python API clients. We will add comprehensive examples for all other API clients in the next few days, so stay tuned.
API Client Examples
Let’s look at the example using the PHP API client. The important part here is to use the HLSEncryptionConfig object. For testing you can use the data provided in our example below:
$hlsEncryptionConfig = new HLSEncryptionConfig(); $hlsEncryptionConfig->method = HLSEncryptionMethods::SAMPLE_AES; $hlsEncryptionConfig->key = 'cab5b529ae28d5cc5e3e7bc3fd4a544d'; $hlsEncryptionConfig->iv = '08eecef4b026deec395234d94218273d'; $hlsEncryptionConfig->uri = 'https://your.license.server/getlicense'; $jobConfig = new JobConfig(); ... $jobConfig->hlsEncryptionConfig = $hlsEncryptionConfig; $job = Job::create($jobConfig);
The parameters of the HLSEncryptionConfig have the following meaning:
- method: You can either encrypt your content using AES_128 or SAMPLE_AES
- key: You need to provide a key that will be used to encrypt the content (16 byte; 32 hexadecimal characters).
- iv: The initialization vector is optional. If it is not provided, we will generate one for you. (16 byte; 32 hexadecimal characters)
- uri: If provided, this URI will be placed in the M3U8 playlist file to retrieve the decryption key for playout. Otherwise a keyfile will be generated together with the content that will be referenced from the M3U8 playlist file.
HLS and MPEG-DASH Encryption
It is also possible to create encrypted HLS content and DRM protected MPEG-DASH content for Widevine and PlayReady with one single job. There are also examples available for the PHP and Python API client:
The important parts are to use the HLSEncryptionConfig and CombinedWidevinePlayreadyDRMConfig objects. For testing you can use the data provided in our example below:
$combinedWidevinePlayreadyDRMConfig = new CombinedWidevinePlayreadyDRMConfig(); $combinedWidevinePlayreadyDRMConfig->pssh = 'CAESEOtnarvLNF6Wu89hZjDxo9oaDXdpZGV2aW5lX3Rlc3QiEGZrajNsamFTZGZhbGtyM2oqAkhEMgA='; $combinedWidevinePlayreadyDRMConfig->key = '100b6c20940f779a4589152b57d2dacb'; $combinedWidevinePlayreadyDRMConfig->kid = 'eb676abbcb345e96bbcf616630f1a3da'; $combinedWidevinePlayreadyDRMConfig->laUrl = 'http://playready.directtaps.net/pr/svc/rightsmanager.asmx?PlayRight=1&ContentKey=EAtsIJQPd5pFiRUrV9Layw=='; $combinedWidevinePlayreadyDRMConfig->method = DRMEncryptionMethods::MPEG_CENC; $hlsEncryptionConfig = new HLSEncryptionConfig(); $hlsEncryptionConfig->method = HLSEncryptionMethods::SAMPLE_AES; $hlsEncryptionConfig->key = 'cab5b529ae28d5cc5e3e7bc3fd4a544d'; $hlsEncryptionConfig->iv = '08eecef4b026deec395234d94218273d'; $hlsEncryptionConfig->uri = 'https://your.license.server/getlicense'; $jobConfig = new JobConfig(); ... $jobConfig->drmConfig = $combinedWidevinePlayreadyDRMConfig; $jobConfig->hlsEncryptionConfig = $hlsEncryptionConfig; $job = Job::create($jobConfig);
Playback your HLS Encrypted Content
To test your content, you can go to our bitdash HLS demo page and paste the link to your M3U8 manifest file from your encoding job (currently only with AES-128, SAMPLE-AES is work in progress on the client side). Of course you can also test the content on iOS devices by just pasting the M3U8 manifest URL to your address bar of the Safari browser.
We are happy to help you with HLS encryption for your content. Just contact us at. Contact Support.
