Raw key encryption options

--enable_raw_key_encryption

Enable encryption with raw key (keys provided in command line)). This generates Common protection system if neither –pssh nor –protection_systems is specified. Use –pssh to provide custom protection systems or use –protection_systems to generate protection systems automatically.

--enable_raw_key_decryption

Enable decryption with raw key (keys provided in command line).

--keys <key_info_string[,key_info_string][,key_info_string]…>

key_info_string is of the form:

label=<label>:key_id=<key_id>:key=<key>[:iv=<initialization_vector>]

label can be an arbitrary string or a predefined DRM label like AUDIO, SD, HD, etc. Label with an empty string indicates the default key and key_id. The drm_label in Stream descriptors, which can be implicit, determines which key info is applied to the stream by matching the drm_label with the label in key info.

key_id and key should be 32-digit hex strings.

initialization_vector is an optional IV with the same format and semantics as the parameter for the –iv option below. This is mutually exclusive with that option.

--iv <16-digit or 32-digit hex string>

IV in hex string format. If not specified, a random IV will be generated. This flag should only be used for testing. IV must be either 8 bytes (16 digits HEX) or 16 bytes (32 digits in HEX).

--pssh <hex string>

One or more concatenated PSSH boxes in hex string format. If neither this flag nor –protection_systems is specified, a v1 common PSSH box will be generated.