The Apple HTTP Live Streaming (HLS) specification uses AES-128 encryption to provide content protection. The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology. In case of HLS with AES-128, individual media segments get encrypted with a 16-octet key. Most modern streaming servers have simple configuration options for enabling AES-128 on HLS streams.
THEOplayer supports decryption and playback of HLS streams with AES-128 content protection out of the box, without extra configuration in the player. In order to play AES-128 content protected streams, the decryption key and an optional initialization vector have to be provided in the manifest. When configured correctly, THEOplayer allows playback of AES-128 content protected streams on all supported devices in real time. It allows for the usage of a single key, or a rotating key.
In order to make sure THEOplayer can decrypt the stream, make sure the following information is correct in the manifest:
Make sure CORS is enabled both on the media segments that have to be downloaded, decrypted and played as well as the decryption key if referenced externally in the manifest file.
There’s a demo of THEOplayer playing an AES-128 Content Protected stream at https://demo.theoplayer.com/drm-aes-protection-128-encryption.
An example manifest of a 44-second long VOD stream protected with AES-128 content protection - each media segment has its own key.
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-ALLOWCACHE:1
#EXT-X-KEY:METHOD=AES-128,URI="segment-00000.key"
#EXTINF:4.458667,
segment-00000.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00001.key"
#EXTINF:4.010000,
segment-00001.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00002.key"
#EXTINF:4.468667,
segment-00002.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00003.key"
#EXTINF:3.893000,
segment-00003.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00004.key"
#EXTINF:4.007333,
segment-00004.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00005.key"
#EXTINF:3.292667,
segment-00005.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00006.key"
#EXTINF:4.011667,
segment-00006.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00007.key"
#EXTINF:4.001000,
segment-00007.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00008.key"
#EXTINF:4.011667,
segment-00008.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00009.key"
#EXTINF:4.001000,
segment-00009.ts.enc
#EXT-X-KEY:METHOD=AES-128,URI="segment-00010.key"
#EXTINF:4.011667,
segment-00010.ts.enc
#EXT-X-TARGETDURATION:5
#EXT-X-ENDLIST