This topic shows you how to configure the digital rights management (DRM) encryption feature in the Alibaba Cloud Management Console. To use DRM encryption, you must upload a certificate and configure a key, a transcoding template, and ApsaraVideo Player.

Prerequisites

  • ApsaraVideo Live is activated. Basic operations are complete. For example, you must add a streaming domain and an ingest domain, and then bind the ingest domain to the streaming domain. For more information, see Quick start.
  • Alibaba Cloud Key Management Service (KMS) is activated. For more information, see Activate KMS.
  • A FairPlay Streaming certificate is obtained if you use iOS. Keep your certificate, private key, passphrase, and Application Secret key (ASk) confidential. For more information, see Apply for a FairPlay Streaming certificate.

Background information

The DRM encryption feature is provided by ApsaraVideo Live to ensure security. FairPlay and Widevine DRM encryption technologies are supported. You can add and manage certificates in the ApsaraVideo Live console to encrypt live streams, and use ApsaraVideo Player to decrypt and play DRM-encrypted live streams. For more information, see DRM encryption.

Limits

Item Description
Management method You cannot configure DRM encryption by calling API operations. Instead, you must configure DRM encryption in the ApsaraVideo Live console.
Live centers DRM encryption is available only in the live centers of the China (Shanghai), Singapore (Singapore), and Indonesia (Jakarta) regions.
Method to enable DRM encryption If you enable DRM encryption for a domain name for the first time, you must submit a ticket.
Player version DRM is supported only for ApsaraVideo Player V5.3.4 and later.

Configure DRM encryption in the console

You must upload a certificate, create a key, add the key, and configure a transcoding template in the Alibaba Cloud Management Console before you can use DRM encryption.

  1. (Optional) Upload a certificate.
    Note To use FairPlay DRM encryption, you must apply for a FairPlay Streaming certificate from Apple. If you want to use FairPlay DRM encryption for applications that run on iOS, you must upload the FairPlay Streaming certificate to the ApsaraVideo Live console.
    1. Log on to the ApsaraVideo Live console.
    2. In the left-side navigation pane, click DRM Management. On the DRM Management page, click the Certificates tab.
    3. Click Upload Certificate and upload a certificate.
      You must upload a certificate file and a private key file, and enter the passphrase and ASk. The preceding files and information can be obtained when you apply for a certificate. Upload Certificate
    4. Click OK.
  2. Create a key.
    1. Log on to the KMS console.
    2. In the top navigation bar, select the region in which you want to create a key.
      Create Key
    3. In the left-side navigation pane, click Keys. On the page that appears, click Create Key.
    4. In the Create Key dialog box, configure the parameters based on your business requirements.
      We recommend that you retain the default settings. For more information about the parameters, see Create a CMK.
    After a key is created, copy the key.
  3. Add the key to the ApsaraVideo Live console.
    1. Log on to the ApsaraVideo Live console.
    2. In the left-side navigation pane, click DRM Management. On the DRM Management page, click the Keys tab.
    3. Click the Edit icon.
      Add a key
    4. In the Enter Key dialog box, paste the key that you copied in Step 2.
      Enter Key
    5. Click OK.
  4. Configure a transcoding template.
    1. In the left-side navigation pane of the ApsaraVideo Live console, click Domains to go to the Domain Management page.
    2. Find the streaming domain that you want to configure and click Domain Settings in the Actions column.
    3. Choose Templates > Transcoding Settings.
    4. Click the Custom tab. Then, click Add. In the Transcoding Settings dialog box, turn on Video Encryption.
      For information about other parameters, see Configure custom transcoding. Video Encryption

Enable DRM encryption

If you enable DRM encryption for a domain name for the first time, you must submit a ticket.

Obtain a DRM-encrypted streaming URL

Example of a DRM-encrypted streaming URL:
http://demo.aliyundoc.com/liveApp****/liveStream****?auth_key=12345****
Notes:
  • Specify the appname, streamname, and groupid fields based on your live stream information. For more information, see Ingest and streaming URLs.
  • The auth_key field indicates an access token. For more information, see URL signing.
Methods to obtain a DRM-encrypted streaming URL:
  • You can construct a DRM-encrypted streaming URL based on the concatenation rules.
  • You can use the URL generator to generate a streaming URL based on the configurations of your transcoding template. For more information, see URL generator.
  • You can go to the Stream Management page to view the streaming URL of the live stream. For more information, see Manage streams.

Configure ApsaraVideo Player

The DRM encryption feature works together with ApsaraVideo Player to facilitate your development. To use ApsaraVideo Player to play DRM-encrypted live streams, you must configure the following settings:
  • The version of ApsaraVideo Player must be V5.3.4 or later. You can use FairPlay DRM encryption for iOS and Widevine DRM encryption for Android.
  • If you use ApsaraVideo Player for Android, we recommend that you use SurfaceView to play live streams with a high security level.
  • If you use ApsaraVideo Player for iOS, you must call the setFairPlayCertID method of AliPlayerGlobalSettings to specify the ID of your FairPlay Streaming certificate. This method needs to be called only once. To obtain the ID of the FairPlay Streaming certificate, go to the ApsaraVideo Live console, click DRM Management in the left-side navigation pane, and then click the Certificates tab.
Note When you play a live stream with a high security level, you cannot rotate the screen, mirror the screen, or take snapshots.