Using PlayReady Key Server¶

Shaka Packager can talk to PlayReady Key Server that implements AcquirePackagingData Web Method specification to fetch encryption keys.

Refer to DRM if you are interested in generating multi-DRM contents.

Synopsis¶

$ packager <stream_descriptor> …

–enable_playready_encryption –playready_server_url <playready_server_url> –program_identifier <program_identifier> –client_cert_file <client_cert_file> –client_cert_private_key_file <client_cert_private_key_file> –client_cert_private_key_password <client_cert_private_key_password> –ca_file <ca_file> [Other options, e.g. DASH options, HLS options]

The –client_cert_xx and –ca_file parameters can be omitted if not required by the key server.

DRM related Stream descriptor fields¶

skip_encryption=0\|1:
	Optional. Defaults to 0 if not specified. If it is set to 1, no encryption of the stream will be made.
drm_label:	Optional value for custom DRM label, which defines the encryption key applied to the stream. Typically values include AUDIO, SD, HD, UHD1, UHD2. For raw key, it should be a label defined in –keys. If not provided, the DRM label is derived from stream type (video, audio), resolutions, etc. Note that it is case sensitive.

General encryption options¶

`--protection_scheme <scheme>`
	Specify a protection scheme, ‘cenc’ or ‘cbc1’ or pattern-based protection schemes ‘cens’ or ‘cbcs’.
`--vp9_subsample_encryption, --novp9_subsample_encryption`
	Enable / disable VP9 subsample encryption. Enabled by default.
`--clear_lead <seconds>`
	Clear lead in seconds if encryption is enabled.
`--protection_systems`
	Protection systems to be generated. Supported protection systems include Widevine, PlayReady, FairPlay, and CommonSystem (https://goo.gl/s8RIhr).

PlayReady encryption options¶

`--enable_playready_encryption`
	Enable encryption with PlayReady key. This generates PlayReady protection system if –protection_systems is not specified. Use –protection_system to generate multiple protection systems.
`--playready_server_url <url>`
	PlayReady packaging server url.
`--program_identifier <program_identifier>`
	Program identifier for packaging request.
`--ca_file <file path>`
	Absolute path to the certificate authority file for the server cert. PEM format. Optional, depends on server configuration.
`--client_cert_file <file path>`
	Absolute path to client certificate file. Optional, depends on server configuration.
`--client_cert_private_key_file <file path>`
	Absolute path to the private key file. Optional, depends on server configuration.
`--client_cert_private_key_password <string>`
	Password to the private key file. Optional, depends on server configuration.