Using PlayReady Key Server¶
Shaka Packager can talk to PlayReady Key Server that implements AcquirePackagingData Web Method specification to fetch encryption keys.
Refer to DRM if you are interested in generating multi-DRM contents.
Synopsis¶
$ packager <stream_descriptor> ... \
--enable_playready_encryption \
--playready_server_url <playready_server_url> \
--program_identifier <program_identifier> \
--client_cert_file <client_cert_file> \
--client_cert_private_key_file <client_cert_private_key_file> \
--client_cert_private_key_password <client_cert_private_key_password> \
--ca_file <ca_file> \
[Other options, e.g. DASH options, HLS options]
The –client_cert_xx and –ca_file parameters can be omitted if not required by the key server.
Configuration options¶
General encryption options¶
- --protection_scheme <scheme>
Specify a protection scheme, ‘cenc’ or ‘cbc1’ or pattern-based protection schemes ‘cens’ or ‘cbcs’.
- --crypt_byte_block
Specify the count of the encrypted blocks in the protection pattern, where block is of size 16-bytes.
There are three common patterns (crypt_byte_block:skip_byte_block): 1:9 (default), 5:5, 10:0.
Apply to video streams with ‘cbcs’ and ‘cens’ protection schemes only; ignored otherwise.
- --skip_byte_block
Specify the count of the unencrypted blocks in the protection pattern.
Apply to video streams with ‘cbcs’ and ‘cens’ protection schemes only; ignored otherwise.
- --vp9_subsample_encryption, --novp9_subsample_encryption
Enable / disable VP9 subsample encryption. Enabled by default.
- --clear_lead <seconds>
Clear lead in seconds if encryption is enabled. Shaka Packager does not support partial encrypted segments, all the segments including the partial segment overlapping with the initial ‘clear_lead’ seconds are not encrypted, with all the following segments encrypted. If segment_duration is greater than ‘clear_lead’, then only the first segment is not encrypted. Default: 5
- --protection_systems
Protection systems to be generated. Supported protection systems include Widevine, PlayReady, FairPlay, Marlin, and CommonSystem.
- --playready_extra_header_data <string>
Extra XML data to add to PlayReady PSSH data. Can be specified even if using another key source.
PlayReady encryption options¶
- --enable_playready_encryption
Enable encryption with PlayReady key. This generates PlayReady protection system if –protection_systems is not specified. Use –protection_system to generate multiple protection systems.
- --playready_server_url <url>
PlayReady packaging server url.
- --program_identifier <program_identifier>
Program identifier for packaging request.
- --ca_file <file path>
Absolute path to the certificate authority file for the server cert. PEM format. Optional, depends on server configuration.
- --client_cert_file <file path>
Absolute path to client certificate file. Optional, depends on server configuration.
- --client_cert_private_key_file <file path>
Absolute path to the private key file. Optional, depends on server configuration.
- --client_cert_private_key_password <string>
Password to the private key file. Optional, depends on server configuration.