This specification defines the stream format for Common Encryption of MPEG-2 Transport Streams 'CETS' [[!CENC-MPEG2]] with the . Initialization data for cenc with Encrypted Media Extensions is defined in [[!CENC-INIT]].
The Working Group maintains a list of all bug reports that the editors have not yet tried to address.
Implementors should be aware that this specification is not stable. Implementors who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways. Vendors interested in implementing this specification before it eventually reaches the Candidate Recommendation stage should join the mailing list mentioned below and take part in the discussions.
Under 'CETS', ISO Base media File Format [[!BMFF]] content encrypted at the sample level with AES-128 CTR encryption can be re-encapsulated in an MPEG-2 Transport Stream without re-encryption.
Multiple Key Systems can be used to decrypt the same media content. Each key is identified by a and each encrypted sample is associated with the Key ID of the key needed to decrypt it. This association is signaled either through the specification of the 'default_key_id' field or by the per access unit 'key_id' in the CETS Entitlement Control Message 'CETS ECM' carried in the 'cets_ecm()' descriptor. The 'cetc_ecm()' also carries per access unit Initialization Vector 'iv' data in the 'initialization_vector' field.
Each protection systems' PSSH box is encapsulated in a separate elementary stream identified by a unique CETS PSSH PID. A 'CA_descriptor()' contains the CETS PSSH PID for each protection system in use. The 'CA_descriptor()' also contains the scheme type and version, and encryption algorithm in the 'scheme_type', 'scheme_version' and 'encryption_algorithm' fields, respectively.
The 'CA_descriptor()' MUST appear in the inner loop of the PMT where it applies to a specific elementary stream.
[[!CENC-MPEG2]] does not specify where in the PMT the CA_descriptor() may appear. A future amendment will restrict it to the inner loop.
Protection scheme signaling conforms with MPEG-2 Transport Stream [[!MPEG2TS]]. When 'cenc' protection has been applied, a 'CA_descriptor()' will be present in the program map table ('TS_program_map_section') and the 'CA_SystemID' field will contain the value 'ce'. The 'CA_descriptor()' identifies the 'CETS_ECM' elementary stream ('CA_PID' field), encryption algorithm ('encryption_algorithm' field), the PSSH elementary stream ('pssh_id' field) for each protection system used and a 'scheme_type' field set to a value of 'cenc' (Common Encryption).
The "encrypted block" is an access unit 'AU'. A 'CETS ECM' defines 'num_states' encryption states. Each 'CETS_ECM' state defines how PES packets are encrypted for PES packets with a 'transport_scrambling_control' field that matches the 'CETS_ECM' state 'transport_scrambling_control' field.
For complete information, see [[!CENC-MPEG2]].
MPEG-2 Transport Streams may contain one or more protection system specific header ('pssh') boxes carried in an elementary stream, each for a unique SystemID at each location where a 'pssh' box is necessary.
MUST be created from 'pssh' boxes as defined in [[CENC-INIT]]. MUST be created from 'pssh' boxes in all elementary streams referenced by the set of 'pssh_pid' fields in a 'CA_descriptor()'.