Use case: Key encryption
The CPIX V2.0 specification allows for the encryption of content keys returned to the packager. To enable this feature, key elements are exchanged between the packager and the CPIX Service using version 2.0 or higher:
- Delivery Key
- The delivery key is a public key sent from the packager in the CPIX request.
- This key is used by the CPIX service to encrypt the Document Key and MAC Key it generates to encrypt/verify the content keys.
- The Delivery Key is contained in the element.
- Document Key
- The CPIX service generates the 32-byte document key and uses it to encrypt the content keys.
- The Document Key is then encrypted using the Delivery Key and returned to the packager.
- The Document Key is contained in the element.
- MAC Key
- The CPIX service generates the 64-byte MAC Key and uses it to calculate a message authentication code for each content key.
- The MAC Key is then encrypted using the Delivery Key and returned to the packager.
- The MAC Key is contained in the element.
For more information on key encryption, refer to Key Encryption in the CPIX Document.
Following is an example request for VOD asset “vod_asset“ using Key Encryption for Widevine.
<?xml version="1.0" encoding="utf-8"?>
<cpix:CPIX contentId="vod_asset" version="2.3"
xmlns:cpix="urn:dashif:org:cpix"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<cpix:DeliveryDataList>
<cpix:DeliveryData>
<cpix:DeliveryKey>
<ds:X509Data>
<ds:X509Certificate>
MIIFfzCCA2egAwIBAgIUIe0VzYxVlzF0VFgdoUqU3U+AcTgwDQYJKoZIhvcNAQELBQAwTzEL
MAkGA1UEB
hMCVVMxFTATBgNVBAoMDEJ1eURSTSwgSW5jLjEpMCcGA1UEAwwgS2V5T1MgQ1BJWCBBUEkgK
EVuY29kZX
IgU2FtcGxlKQowHhcNMjAwMjIxMTUwMTAxWhcNMjQwMjIwMTUwMTAxWjBPMQswCQYDVQQGEw
JVUzEVMBM
GA1UECgwMQnV5RFJNLCBJbmMuMSkwJwYDVQQDDCBLZXlPUyBDUElYIEAQSSAoRW5jb2RlciB
TYW1wbGUp
CjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALyFfLFbgHdZPRtNmv2IvfOlFM6R
f0SPhpEQa
79skVpPfjJSsXTld+6l2CifIrgYSd7MDvNiLQzjRS8BV54Nm
/BrdBX7CjeQ5EJhdGgIybAjOhyov/8Luv
cZW46cVJAuZjTFMOzDPC6V6MhOYkTBc0wVeBIl76kKb8sanc7czcDWs1t8PThsG0RwPWCm0T
sFy7vbBQG
RVjCkD9MgrktuLA4JzGS1unkNhuFODaBzlpPQGceTQuUhmXEMFXEDHAVUMjDy
/ZbCdcYXYBxA8T8cfnE1
26AsN83cBMP6dMbQ03i21fVmGbRH+j8TmxAoOqGo/NpXix5XtZs
/ImCi5PjHsOhX5njz1B5oI8DK9hP/F
OO9lwnEiq6Q9huHk6JaOH/+mmY9NtWLQ51W0BMqMCU5zEE+dHT3pqF8SlCzPBNwnuHOb34CR
/Fn1dx+3d
qlXTvBal8li0vdkjo6NCb536E2R3z+5refN0tOabH1XmEHu5jQmGjEYJmN
/U32ctjC7ir7eRk4FxDXm32
HvhOl0QgmHzvu1E+OU/FcnWG7s48sZNzyJnQAEykeVkump1b7eF
/m5ziBLyskJCgFU5rLfoWHSjiI2m0m
aV8WWC+PKQlvmP/vm4faAZqbtYktvdj7T8fslkxFoqkSkhGr8KUNO9z
/ph7DnzN6ZktPWyxhs1KJ2M07A
gMBAAGjUzBRMB0GA1UdDgQWBBS/y/LGRofheeqqDq2yi1bjek6n2jAfBgNVHSMEGDAWgBS/y
/LGRofhee
qqDq2yi1bjek6n2jAPBgNVHRMBAf8EBTADAQH
/MA0GCSqGSIb3DQEBCwUAA4ICAQBo+wUXCbNN3ipkY1b
mpLkat6GXTJJYuJ7
/d04aJjLUO43DDXsw6u3pPKTxcDQXRuYw2+dOK7+2Is39SUpKewVskXgg6ATajAtI
9IRKEnwgD0zcCr2hKjksB8ablxwRROl6lv5gzE8MP2ocWTp0zXiUzSSwCgXjDfrSQHhYzaeW
/mvyuLI4Y
WmdCaVYQlDT6a/72esHKUyDLE3BNibaSSZooyeKm757Gvwu2Ek/HXcU
/xMb8T0O2Jov1h81zSwZVXikY6
50AtC5JZ526VXpyGFIMS8f2P7tn62P1Na6
/ABlDlwwpMS05LWqgSsVwXbtSB50kBYd9y+pk3Lri3CcPrv
OtJYlLUiMkds76EQEKXgrAQDd4EaqITKKokN7KYqiM42AoupO2ylejEkyo3WKLqs9sJyfjbk
GnS1yMIC/
QDAIrzjhxlfyJGTrDwyMrSsVJdOeZftPksveVHeGK9FPFuxBgYsxzSeSFgr1fO5BMWYUb9bX
8ILUQxAPy
ptIP+RXd73mbURMmPq4IDeWIzAIopFErwpgg/Y58cZsBptjNgPD
/rMFxwqjkeS1eHVY4PzR1neGykQdJ0
6uEXvatSiT/tnQy/GcOEaYVZnmuGf1oYFnyxhrBiJn2WtIQNbej/TBb
/jn0jy8buX8RgbQp5UA8lIbenY
K/yBTuRL9UfK1QbrAAQ==
</ds:X509Certificate>
</ds:X509Data>
</cpix:DeliveryKey>
<cpix:DocumentKey/>
</cpix:DeliveryData>
</cpix:DeliveryDataList>
<cpix:ContentKeyList>
<cpix:ContentKey kid="Please contact your Verimatrix representative for further information" ></cpix:ContentKey>
</cpix:ContentKeyList>
<cpix:DRMSystemList>
<cpix:DRMSystem kid="Please contact your Verimatrix representative for further information" systemId="edef8ba9-79d6-4ace-a3c8-27dcd51d21ed"></cpix:
DRMSystem>
</cpix:DRMSystemList>
</cpix:CPIX>
Following is an example response for VOD asset “vod_asset“ using Key Encryption for Widevine.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cpix:CPIX xmlns:speke="urn:aws:amazon:com:speke" xmlns:pskc="urn:ietf:
params:xml:ns:keyprov:pskc" xmlns:enc="http://www.w3.org/2001/04
/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org
/2001/XMLSchema" xmlns:cpix="urn:dashif:org:cpix" contentId="vod_asset"
version="2.3">
<cpix:DeliveryDataList>
<cpix:DeliveryData>
<cpix:DeliveryKey>
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate>
MIIFfzCCA2egAwIBAgIUIe0VzYxVlzF0VFgdoUqU3U+AcTgwDQYJKoZIhvcNAQELBQAwTzEL
MAkGA1UEB
hMCVVMxFTATBgNVBAoMDEJ1eURSTSwgSW5jLjEpMCcGA1UEAwwgS2V5T1MgQ1BJWCBBUEkgK
EVuY29kZX
IgU2FtcGxlKQowHhcNMjAwMjIxMTUwMTAxWhcNMjQwMjIwMTUwMTAxWjBPMQswCQYDVQQGEw
JVUzEVMBM
GA1UECgwMQnV5RFJNLCBJbmMuMSkwJwYDVQQDDCBLZXlPUyBDUElYIEFQSSAoRW5jb2RlciB
TYW1wbGUp
CjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALyFfLFbgHdZPRtNmv2IvfOlFM6R
f0SPhpEQa
79skVpPfjJSsXTld+6l2CifIrgYSd7MDvNiLQzjRS8BV54Nm
/BrdBX7CjeQ5EJhdGgIybAjOhyov/8Luv
cZW46cVJAuZjTFMOzDPC6V6MhOYkTBc0wVeBIl76kKb8sanc7czcDWs1t8PThsG0RwPWCm0T
sFy7vbBQG
RVjCkD9MgrktuLA4JzGS1unkNhuFODaBzlpPQGceTQuUhmXEMFXEDHAVUMjDy
/ZbCdcYXYBxA8T8cfnE1
26AsN83cBMP6dMbQ03i21fVmGbRH+j8TmxAoOqGo/NpXix5XtZs
/ImCi5PjHsOhX5njz1B5oI8DK9hP/F
OO9lwnEiq6Q9huHk6JaOH/+mmY9NtWLQ51W0BMqMCU5zEE+dHT3pqF8SlCzPBNwnuHOb34CR
/Fn1dx+3d
qlXTvBal8li0vdkjo6NCb536E2R3z+5refN0tOabH1XmEHu5jQmGjEYJmN
/U32ctjC7ir7eRk4FxDXm32
HvhOl0QgmHzvu1E+OU/FcnWG7s48sZNzyJnQAEykeVkump1b7eF
/m5ziBLyskJCgFU5rLfoWHSjiI2m0m
aV8WWC+PKQlvmP/vm4faAZqbtYktvdj7T8fslkxFoqkSkhGr8KUNO9z
/ph7DnzN6ZktPWyxhs1KJ2M07A
gMBAAGjUzBRMB0GA1UdDgQWBBS/y/LGRofheeqqDq2yi1bjek6n2jAfBgNVHSMEGDAWgBS/y
/LGRofhee
qqDq2yi1bjek6n2jAPBgNVHRMBAf8EBTADAQH
/MA0GCSqGSIb3DQEBCwUAA4ICAQBo+wUXCbNN3ipkY1b
mpLkat6GXTJJYuJ7
/d04aJjLUO43DDXsw6u3pPKTxcDQXRuYw2+dOK7+2Is39SUpKewVskXgg6ATajAtI
9IRKEnwgD0zcCr2hKjksB8ablxwRROl6lv5gzE8MP2ocWTp0zXiUzSSwCgXjDfrSQHhYzaeW
/mvyuLI4Y
WmdCaVYQlDT6a/72esHKUyDLE3BNibaSSZooyeKm757Gvwu2Ek/HXcU
/xMb8T0O2Jov1h81zSwZVXikY6
50AtC5JZ526VXpyGFIMS8f2P7tn62P1Na6
/ABlDlwwpMS05LWqgSsVwXbtSB50kBYd9y+pk3Lri3CcPrv
OtJYlLUiMkds76EQEKXgrAQDd4EaqITKKokN7KYqiM42AoupO2ylejEkyo3WKLqs9sJyfjbk
GnS1yMIC/
QDAIrzjhxlfyJGTrDwyMrSsVJdOeZftPksveVHeGK9FPFuxBgYsxzSeSFgr1fO5BMWYUb9bX
8ILUQxAPy
ptIP+RXd73mbURMmPq4IDeWIzAIopFErwpgg/Y58cZsBptjNgPD
/rMFxwqjkeS1eHVY4PzR1neGykQdJ0
6uEXvatSiT/tnQy/GcOEaYVZnmuGf1oYFnyxhrBiJn2WtIQNbej/TBb
/jn0jy8buX8RgbQp5UA8lIbenY
K/yBTuRL9UfK1QbrAAQ==</ds:X509Certificate>
</ds:X509Data>
</cpix:DeliveryKey>
<cpix:DocumentKey>
<cpix:Data>
<pskc:Secret xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc">
<pskc:EncryptedValue>
<enc:EncryptionMethod xmlns:enc="http://www.w3.org/2001/04
/xmlenc#" Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<enc:CipherData xmlns:enc="http://www.w3.org/2001/04
/xmlenc#">
<enc:
CipherValue>SkCg4rBQPrDOrfzHe3Uz6Ln+3oCEZL7igyAQifSy0bQCRzU4BL1hIWa0csiE
c/mKutJMnHb74eQEtvIym0Km+Xh4h/3bw8v+vRSYsRpR/SevuVD6w5b223sWfWXLTu44
/pKkuCpj0T56b7pL4+LpJ7WGGn4DgWCVLpfdYrVveS6mOCX
/gzLtWvMUWaQtlrIUpvFAA0rB8XfnJDN4dDav17i2XQRhqiCglCVwyB3i2x4O4vFJoTevA9S
jrGw2WeSvPsTO4FdBXqsBYtdn177AhtO+d8tY3DLgd9J0RBrqdU7un9pS9wndvAZgj4A48Ya
ihcD8YhnvivuzEHQ0GotUlQ==</enc:CipherValue>
</enc:CipherData>
</pskc:EncryptedValue>
</pskc:Secret>
</cpix:Data>
</cpix:DocumentKey>
<cpix:MACMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512">
<cpix:Key>
<enc:EncryptionMethod xmlns:enc="http://www.w3.org/2001/04
/xmlenc#" Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<enc:CipherData xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
<enc:CipherValue>dKWEDqW0UJQPAbY9mYgsi4MRi0y
/3l3+VtNOTV2LuMZXSTCaqTSqAb51QKmWmVrdrvpWd0DAR
/10qPTG8JLjm7rK3kaMRrLO0GlYvAj+qtsrzSK+Ryu0cxSRgsv8bR08X/+6QZ2JXNSFq
/K2C328Kk4+ZjgXpbJg3cXCQuvJAuXWoT13W4FEPGdFIpGs55PagEUuedCJQnhZJV7xsklPi
Et5aN/TGpZrD5QQKyJNCpeo47Anb6dYiePTXAws6qsgIrtXVC3xyoS76cRnK8vFe
/AF1dzY1xVzuH87dpLRSTDij2u7Ekp2XakPmiyiEBvAWXSAg29Y9Lk77VkbQAmgYA==<
/enc:CipherValue>
</enc:CipherData>
</cpix:Key>
</cpix:MACMethod>
</cpix:DeliveryData>
</cpix:DeliveryDataList>
<cpix:ContentKeyList>
<cpix:ContentKey explicitIV="sa9jfpPP+G2lBr4R9oRAgA==" kid="
befc2cb9-d768-4367-abf4-eba327ef7104">
<cpix:Data>
<pskc:Secret xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc">
<pskc:EncryptedValue>
<enc:EncryptionMethod xmlns:enc="http://www.w3.org/2001/04
/xmlenc#" Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<enc:CipherData xmlns:enc="http://www.w3.org/2001/04
/xmlenc#">
<enc:CipherValue>Zb3JcsKibG
/f2KJHLDIZliB9OtMmta6uZbdPhVUo2Yh8mWEzo83jTeQtYQPxy2OA</enc:CipherValue>
</enc:CipherData>
</pskc:EncryptedValue>
<pskc:ValueMAC>FO8CihO9yydEgxQ80QJBx
/vpev2sZdjYPOe+N0UQsLJ40KYuAqdayq8u3xZMtOBFj1gbI2oyJJmWfC4ECHWgOg==<
/pskc:ValueMAC>
</pskc:Secret>
</cpix:Data>
</cpix:ContentKey>
</cpix:ContentKeyList>
<cpix:DRMSystemList>
<cpix:DRMSystem kid="Please contact your Verimatrix representative for further information"
systemId="edef8ba9-79d6-4ace-a3c8-27dcd51d21ed">
<cpix:
PSSH>AAAAOHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAABgSEL78LLnXaENnq
/TroyfvcQRI49yVmwY=</cpix:PSSH>
<cpix:
ContentProtectionData>PGNlbmM6cHNzaCB4bWxuczpjZW5jPSJ1cm46bXBlZzpjZW5jOj
IwMTMiPkFBQUFPSEJ6YzJnQUFBQUE3ZStMcVhuV1NzNmp5Q2ZjMVIwaDdRQUFBQmdTRUw3OE
xMblhhRU5ucS9Ucm95ZnZjUVJJNDl5Vm13WT08L2NlbmM6cHNzaD4=</cpix:
ContentProtectionData>
<cpix:
HLSSignalingData>I0VYVC1YLUtFWTpNRVRIT0Q9U0FNUExFLUFFUyxVUkk9ImRhdGE6dGV
4dC9wbGFpbjtiYXNlNjQsQUFBQU9IQnpjMmdBQUFBQTdlK0xxWG5XU3M2anlDZmMxUjBoN1F
BQUFCZ1NFTDc4TExuWGFFTm5xL1Ryb3lmdmNRUkk0OXlWbXdZPSIsSVY9MHhiMWFmNjM3ZTk
zY2ZmODZkYTUwNmJlMTFmNjg0NDA4MCxLRVlGT1JNQVQ9InVybjp1dWlkOmVkZWY4YmE5LTc
5ZDYtNGFjZS1hM2M4LTI3ZGNkNTFkMjFlZCIsS0VZRk9STUFUVkVSU0lPTlM9IjEi</cpix:
HLSSignalingData>
</cpix:DRMSystem>
</cpix:DRMSystemList>
</cpix:CPIX>
Updated 26 days ago
What’s Next