You can add and manage certificates in the ApsaraVideo Live console to implement Digital Rights Management (DRM) encryption for live streams, and use ApsaraVideo Player to decrypt and play the DRM-encrypted live streams. This topic describes how to configure the DRM encryption feature in the ApsaraVideo Live console.
Due to service adjustment, ApsaraVideo Live will stop the support for the DRM encryption feature soon. New users can no longer enable the feature. Existing DRM encryption users can continue to use the feature without being affected. The specific time when the feature retires will be announced soon. Thanks for your support.
Prerequisites
ApsaraVideo Live is activated. Basic operations are complete. For example, you must add a streaming domain and an ingest domain, and then associate the streaming domain with the ingest domain. For more information, see Get started with ApsaraVideo Live.
An Alibaba Cloud Key Management Service (KMS) instance is purchased. For more information, see Purchase and enable a KMS instance.
A FairPlay Streaming certificate is obtained if you use iOS. Keep your certificate, private key, passphrase, and Application Secret key (ASk) confidential. For more information, see Apply for a FairPlay Streaming certificate.
Background information
ApsaraVideo Live provides the DRM encryption feature to secure live streaming content. The FairPlay DRM encryption and Widevine DRM encryption technologies are supported. For more information, see DRM encryption.
Usage notes
Item | Description |
Management method | You cannot configure DRM encryption by calling API operations. Instead, you must configure DRM encryption in the ApsaraVideo Live console. |
Live centers | DRM encryption is available only in the live centers of the China (Shanghai) and Singapore regions. |
Method to enable DRM encryption | If you enable DRM encryption for a domain name for the first time, you must submit a ticket. |
Player version | DRM is supported only for ApsaraVideo Player V5.3.4 and later. |
Configure DRM encryption in the console
You must upload a certificate, create a key, add the key, and configure a transcoding template in the Alibaba Cloud Management Console before you can use DRM encryption.
(Optional) Upload a certificate.
NoteTo use FairPlay DRM encryption, you must apply for a FairPlay Streaming certificate from Apple. If you want to use FairPlay DRM encryption for apps that run on iOS, you must upload the FairPlay Streaming certificate to the ApsaraVideo Live console.
Log on to the ApsaraVideo Live console.
In the left-side navigation pane, choose Feature Management > DRM Management. The DRM Management page appears.
Click Certificates. On the Certificates tab, click Upload Certificate.
You must upload a certificate file and a private key file, and enter the passphrase and ASk. The preceding files and information can be obtained when you apply for the certificate.
Click OK.
Create a key. For more information, see Manage a key.
After a key is created, copy the key.
Add the key to the ApsaraVideo Live console.
Return to the ApsaraVideo Live console.
In the left-side navigation pane, choose Feature Management > DRM Management. The DRM Management page appears.
Click the Keys tab. Click the Edit icon.
In the Enter Key dialog box, paste the key that you copied in Step 2.
Click OK.
Configure a transcoding template.
Return to the ApsaraVideo Live console.
In the left-side navigation pane, choose Feature Management > Transcoding. The Transcoding page appears.
Select the streaming domain that you want to configure and click the Custom Transcoding tab.
Click Add to add a custom transcoding template. In the panel that appears, turn on Video Encryption.
For information about other parameters, see Configure custom transcoding.
Enable DRM encryption
If you enable DRM encryption for a domain name for the first time, you must submit a ticket.
Obtain a DRM-encrypted streaming URL
Example of a DRM-encrypted streaming URL:
http://demo.aliyundoc.com/liveApp****/liveStream****?auth_key=12345****
Specify the appname, streamname, and groupid fields based on your business requirements. For more information, see Generate ingest and streaming URLs.
The auth_key field indicates an access token. For more information, see URL signing.
You can use the following methods to obtain a DRM-encrypted streaming URL:
Construct a DRM-encrypted streaming URL based on the concatenation rules.
Use the URL generator to generate a streaming URL based on your transcoding template. For more information, see Live URL generator.
View the streaming URL of the live stream on the Stream Management page. For more information, see Manage streams.
Configure ApsaraVideo Player
The DRM encryption feature works together with ApsaraVideo Player to facilitate your development. When you use ApsaraVideo Player to play DRM-encrypted live streams, take note of the following points:
The version of ApsaraVideo Player must be V5.3.4 or later. You can use FairPlay DRM encryption for iOS and Widevine DRM encryption for Android.
If you use ApsaraVideo Player for Android, we recommend that you use SurfaceView to secure the playback of live streams.
If you use ApsaraVideo Player for iOS, you must call the setFairPlayCertID method of AliPlayerGlobalSettings to specify the ID of your FairPlay Streaming certificate. The method needs to be called only once. To obtain the ID of the FairPlay Streaming certificate, go to the ApsaraVideo Live console, click
in the left-side navigation pane, and then click the Certificates tab.
When you play a live stream that has a high security level, you cannot rotate the screen, mirror the screen, or take snapshots.
References
For more information about DRM management, see DRM encryption.