Packagers and Encoders
Axinom DRM can be used with a variety of packagers and encoders. On the left side, you will find a list of popular packagers and encoders with specific steps on how to integrate Axinom DRM. The list is not exhaustive and will be updated regularly.
If you are not sure if and how Axinom DRM integrates with the tool of your choice, contact Axinom Support.
Integration in a nutshell​
Typically, packagers acquire encryption keys from a Key Service and then encrypt the video content with the received encryption keys. You will supply your Axinom DRM credentials to the packager and configure the packager to use the Axinom DRM Key Service.
Most packagers use for this purpose one of the two popular key acquisition protocols:
Some tools use custom integrations with Axinom DRM. Such cases are explicitly mentioned in the respective integration guides.
Prerequisites​
To use Axinom DRM:
- Register on the Axinom Portal
- Start a free trial
- Go to My Mosaic / DRM and acquire credentials
- For using the SPEKE protocol you will need the following information:
- Key Service Tenant ID (a UUID)
- Key Service Management Key (a UUID)
- SPEKE endpoint URL (https://key-server-management.axprod.net/api/SpekeV2 for SPEKE v2 or https://key-server-management.axprod.net/api/Speke for SPEKE v1)
- For using the Widevine Common Encryption protocol you will need the following information:
- Widevine Provider Name
- Widevine Signing Key
- Widevine Signing IV
- Once you are ready to go to production, upgrade your Axinom account to a paid plan.
Key ID considerations​
Each encryption key has a public identifier - so called Key ID (also called key_id or KID) - a GUID. You will need the value of the Key ID later to generate an entitlement message to send a DRM license request.
Some tools let you specify the Key ID, others generate it automatically.
If you can’t find the Key ID, with SPEKE, there are two workarounds:
In any case, the Key ID can be found in the generated video manifest file.
For DASH, search for the attribute "KID":
cenc:default_KID="<Key ID>"
For HLS, search for this line:
URI="skd://<Key ID>:<Initialization Vector>"
Content ID​
Most of the tools ask for a "content_id" or "resource_id" for each video or live stream you protect.
This value is important for tracking and for matching the assets with the other systems, such as Content Management Systems. But this value is not used for encryption.
You can track the keys used for encrypting an asset storing the mapping between the Content ID and the Key ID.
One key vs Multiple keys​
Some tools allow generating multiple encryption keys for a single video asset.
It is a recommended practice these days, to use different encryption keys for different video/audio profiles (SD, HD, UHD) within a single asset. For details, you can refer to the SVTA OTT Security Checklist (section 6.3) or to the Widevine recommendations.
Main difference between SPEKE v1 and SPEKE v2 is that SPEKE v2 supports multiple keys per asset.
Manual key acquisition​
Some packagers won’t contact a Key Service, but instead let you manually acquire an encryption key and then provide it as an input for packaging (e.g., GCP Live Stream API).
In this case, you can acquire an encryption key directly from the Axinom Key Service using its API:
- AWS SPEKE (we encourage you to use SPEKE V2) or
- Widevine Common Encryption.
To test your integration you can use Axinom tools to generate test keys:
If you need a code sample for programmatically requesting a key in your programming language, check out this pages:
If you need more samples or samples in other programming languages, contact Axinom Support.
Once you have an encryption key, provide it to the packager following the instructions of the tool’s vendor.
Treat the key securely so it can’t leak between your code and the packager.