All Products
Search
Document Center

ApsaraVideo Live:Configure DRM encryption

Last Updated:Feb 21, 2024

You can add and manage certificates in the ApsaraVideo Live console to implement Digital Rights Management (DRM) encryption for live streams, and then use ApsaraVideo Player to decrypt and play the DRM-encrypted streams. This topic describes how to configure the DRM encryption feature in the ApsaraVideo Live console.

Prerequisites

  • ApsaraVideo Live is activated and the basic procedure is completed, involving adding a streaming domain and an ingest domain and associating them. For more information about the basic procedure, see Get started with ApsaraVideo Live.

  • An Alibaba Cloud Key Management Service (KMS) instance is purchased. For more information, see Purchase and enable a KMS instance.

  • A FairPlay Streaming certificate is obtained if your application runs on iOS. Keep your FairPlay Streaming certificate, private key, passphrase, and Application Secret key (ASk) confidential. For more information, see Apply for a FairPlay Streaming certificate.

Background information

ApsaraVideo Live provides the DRM encryption feature to secure live streaming content, including FairPlay DRM encryption and Widevine DRM encryption. For more information, see DRM encryption.

Usage notes

Item

Description

Management method

You cannot configure DRM encryption by calling API operations. Instead, you must configure DRM encryption in the ApsaraVideo Live console.

Live centers

DRM encryption is available only in the live centers of the China (Shanghai), Singapore, and Indonesia (Jakarta) regions.

Method to enable DRM encryption

If this is the first time you enable DRM encryption for a domain name, you must submit a ticket.

Player version

DRM is supported only on ApsaraVideo Player V5.3.4 and later.

Configure DRM encryption in the console

To use DRM encryption, you must upload a certificate, create a key, add the key, and configure a transcoding template in the Alibaba Cloud Management Console.

  1. (Optional) Upload a certificate.

    Note

    To use FairPlay DRM encryption, you must apply for a FairPlay Streaming certificate from Apple. If you want to use FairPlay DRM encryption for applications that run on iOS, you must upload the FairPlay Streaming certificate to the ApsaraVideo Live console.

    1. Log on to the ApsaraVideo Live console.

    2. In the left-side navigation pane, click DRM Management. On the DRM Management page, click the Certificates tab.

    3. Click Upload Certificate to upload a certificate.

      You must upload a certificate file and a private key file and enter the passphrase and ASk. The preceding files and information can be obtained when you apply for the certificate. 上传证书

    4. Click OK.

  2. Create a key. For more information, see Manage a key.

    After a key is created, copy the key.

  3. Add the key to the ApsaraVideo Live console.

    1. Return to the ApsaraVideo Live console.

    2. In the left-side navigation pane, click DRM Management. On the DRM Management page, click the Keys tab.

    3. Click the Edit icon.

      添加密钥

    4. In the Enter Key dialog box, paste the key that you copied in Step 2.

      填写密钥

    5. Click OK.

  4. Configure a transcoding template.

    1. In the left-side navigation pane of the ApsaraVideo Live console, click Domains to go to the Domain Management page.

    2. Find the streaming domain that you want to configure and click Domain Settings in the Actions column.

    3. Choose Templates > Transcoding Settings.

    4. Click the Custom tab, then click the Add button. In the Transcoding Settings dialog box, turn on the Video Encryption switch.

      For more information about other parameters, see Configure custom transcoding. 视频加密

Enable DRM encryption

If this is the first time you enable DRM encryption for a domain name, you must submit a ticket.

Obtain a DRM-encrypted streaming URL

Example of a DRM-encrypted streaming URL:

http://demo.aliyundoc.com/liveApp****/liveStream****?auth_key=12345****
Note
  • Specify the application name, stream name, and transcoding template ID in the URL based on the live stream information. For more information, see Generate ingest and streaming URLs.

  • Set auth_key to the access token of the live stream. For more information, see URL signing.

You can use the following methods to obtain a DRM-encrypted streaming URL:

  • Construct a DRM-encrypted streaming URL based on the concatenation rules.

  • Use the URL generator to generate a streaming URL based on your transcoding template. For more information, see Live URL generator.

  • View the streaming URL of the live stream on the Stream Management page. For more information, see Manage streams.

Configure ApsaraVideo Player

The DRM encryption feature works together with ApsaraVideo Player to facilitate your development. When you use ApsaraVideo Player to play DRM-encrypted live streams, take note of the following considerations:

  • The version of ApsaraVideo Player must be V5.3.4 or later. You can use FairPlay DRM encryption for iOS and Widevine DRM encryption for Android.

  • If you use ApsaraVideo Player for Android, we recommend that you use SurfaceView to secure the playback of live streams.

  • If you use ApsaraVideo Player for iOS, you must call the setFairPlayCertID method of AliPlayerGlobalSettings to specify the ID of your FairPlay Streaming certificate. The method is called only once. To obtain the ID of the FairPlay Streaming certificate, go to the ApsaraVideo Live console, click DRM Management in the left-side navigation pane, and then click the Certificates tab.

Note

When you play a live stream that has a high security level, you cannot rotate the screen, mirror the screen, or take snapshots.