This topic shows you how to use the digital rights management (DRM) encryption feature in the Alibaba Cloud Management Console. To use the DRM encryption feature, you must upload certificates, and configure keys, transcoding templates, and ApsaraVideo Player.

Prerequisites

  • ApsaraVideo Live is activated. Basic operations are complete, such as adding a streaming domain and an ingest domain, and binding an ingest domain to a streaming domain. For more information, see Quick start.
  • Key Management Service (KMS) is activated. For more information, see Activate KMS.
  • A FairPlay Streaming certificate is obtained if you develop applications that run on iOS. Keep your certificate, private key, passphrase, and Application Secret key (ASk) confidential. For more information, see Apply for a FairPlay Streaming certificate.

Background information

The DRM encryption feature is provided by ApsaraVideo Live to ensure security. FairPlay and Widevine DRM encryption technologies are supported. You can add and manage certificates in the ApsaraVideo Live console to encrypt live streams. Then, you can use ApsaraVideo Player to decrypt and play DRM-encrypted live streams. For more information, see DRM encryption.

Limits
  • You cannot configure the DRM encryption feature by calling API operations. Instead, you must configure this feature in the Alibaba Cloud Management Console.
  • Only the live center of the Singapore (Singapore) region is supported.
  • If you enable the DRM encryption feature for a domain name for the first time, you must submit a ticket.
  • Only ApsaraVideo Player V5.3.4 and later versions are supported.

Configure the DRM encryption feature in the Alibaba Cloud Management Console

Before you use the DRM encryption feature, you must upload certificates, create keys, add keys, and configure transcoding templates.

  1. Optional. Upload a certificate.
    Note To use FairPlay DRM encryption, you must apply for a FairPlay Streaming certificate from Apple. If you want to use FairPlay DRM encryption for applications that run on iOS, you must upload the FairPlay Streaming certificate to the ApsaraVideo Live console.
    1. Log on to the ApsaraVideo Live console.
    2. In the left-side navigation pane, click DRM Management. On the DRM Management page, click the Certificates tab.
    3. Click Upload Certificate and upload a certificate.
      You must upload a certificate file and a private key file, and enter the passphrase and ASk. The preceding files and information can be obtained when you apply for a certificate. Upload Certificate
    4. Click OK.
  2. Create a key.
    1. Log on to the KMS console.
    2. In the upper-left corner of the KMS console, select the region in which you want to create a key.
      Create Key
    3. In the left-side navigation pane, click Keys. On the page that appears, click Create Key.
    4. In the Create Key dialog box, set the parameters as required.
      We recommend that you retain the default settings. For more information about the parameters, see Create a CMK.
    After a key is created, copy the key generated on the page.
  3. Add the key to the ApsaraVideo Live console.
    1. Log on to the ApsaraVideo Live console.
    2. In the left-side navigation pane, click DRM Management. On the DRM Management page, click the Keys tab.
    3. Click the Edit icon.
      Create Key
    4. In the Enter Key dialog box, paste the key that you copied in Step 2.
      Enter Key
    5. Click OK.
  4. Configure a transcoding template.
    1. In the left-side navigation pane of the ApsaraVideo Live console, click Domains to go to the Domain Management page.
    2. Find the streaming domain that you want to configure and click Domain Settings in the Actions column.
    3. Choose Templates > Transcoding Settings.
    4. Click the Custom tab. Then, click Add. In the Transcoding Settings dialog box, turn on Video Encryption.
      For more information about the parameters, see Configure custom transcoding. Video Encryption

Enable the DRM encryption feature

If you enable the DRM encryption feature for a domain name for the first time, you must submit a ticket.

To use the DRM encryption feature for another domain name, you must submit another ticket.

Obtain a DRM-encrypted streaming URL

Example of a DRM-encrypted streaming URL:
http://test****.aliyun.com/appnanme/steamname_groupid.m3u8?aliyunols=on&auth_key=123456789
Description:
  • The aliyunols field is required and has a fixed value of on.
  • Specify the appname, streamname, and groupid fields based on your live stream information. For more information, see Ingest and streaming URLs.
  • The auth_key field indicates an access token. For more information about authentication, see URL signing.
Methods to obtain a DRM-encrypted streaming URL:
  • You can construct a DRM-encrypted streaming URL based on the concatenation rules.
  • You can use the URL generator to generate a DRM-encrypted streaming URL based on the configurations of your transcoding template group. For more information, see Use the URL generator.
  • You can go to the Ingest Endpoints page to view the streaming URL of the live stream. For more information, see Manage streams.

Configure ApsaraVideo Player

The DRM encryption feature works together with ApsaraVideo Player to facilitate your development. To use ApsaraVideo Player to play DRM-encrypted live streams, you must configure the following settings:
  • The version of ApsaraVideo Player must be V5.3.4 or later. You can use FairPlay DRM encryption for iOS and Widevine DRM encryption for Android.
  • If you use ApsaraVideo Player for Android, we recommend that you use SurfaceView to play live streams with high security levels.
  • If you use ApsaraVideo Player for iOS, you must call the setFairPlayCertID method of AliPlayerGlobalSettings to specify the ID of your FairPlay Streaming certificate. This method needs to be called only once. To obtain the ID of the FairPlay Streaming certificate, go to the ApsaraVideo Live console, click DRM Management in the left-side navigation pane, and then click the Certificates tab.
Note When you play a live stream with a high security level, you cannot rotate or mirror the images of the live stream, or take snapshots from the live stream.