This specification defines the initialization data for the ISO Common Encryption ('cenc') protection scheme [[!CENC-1ST]] with the . It also defines a common SystemID and PSSH box format for use with Encrypted Media Extensions.

The Working Group maintains a list of all bug reports that the editors have not yet tried to address.

Implementors should be aware that this specification is not stable. Implementors who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways. Vendors interested in implementing this specification before it eventually reaches the Candidate Recommendation stage should join the mailing list mentioned below and take part in the discussions.

Overview

Under the ISO Common Encryption ('cenc') protection scheme [[!CENC-1ST]], content is encrypted at the sample level with AES-128 CTR encryption. This protection method enables multiple Key Systems to decrypt the same media content.

Encrypted content can be encapsulated by the ISO Base Media File Format [[!BMFF]] or MPEG-2 Transport Stream [[!MPEG2TS]]. Certain types of encrypted content may be transferred from [[!BMFF]] to [[!MPEG2TS]] encapsulation without re-encryption. Common encryption files may contain a mixture of encrypted and unencrypted samples.

Each decryption key is identified by a Key ID and each encrypted sample is associated with the Key ID of the key needed to decrypt it. This association is signaled either through the specification of a default Key ID or by defining unique Key IDs for a group of samples.

Encapsulating encrypted content in ISO Base Media File Format [[!BMFF]] and MPEG-2 Transport Stream [[!MPEG2TS]] MUST be done as described in [[!BMFF-CENC]] and [[!MPEG2TS-CENC]], respectively.

Detecting Encryption

Protection scheme signaling with ISO Base Media File Format [[!BMFF]] MUST conform to [[!BMFF-CENC]]. Protection scheme signaling with MPEG-2 Transport Stream [[!MPEG2TS]] MUST conform to [[!MPEG2TS-CENC]].

Initialization Data

Common Encryption files may contain one or more protection system specific header ('pssh') boxes, each for a unique SystemID at each location where a 'pssh' box is necessary.

Initialization Data is always one or more concatenated 'pssh' boxes. An implementation (the user agent and/or CDM) MUST be able to examine multiple 'pssh' boxes in the Initialization Data to find a 'pssh' box that it supports. At least one of the concatenated 'pssh' boxes SHOULD contain the SystemID defined in the Common SystemID and PSSH Box Format section.

Each time one or more 'pssh' boxes are encountered, the algorithm shall be invoked with initDataType = "cenc" and initData = the 'pssh' box(es). Multiple 'pssh' boxes MUST be provided together if and only if they appear together in the media container as defined in [[!BMFF-CENC]] and [[!MPEG2TS-CENC]].

If a supported 'pssh' box (based on SystemID) is not found while processing the initData in the algorithm, follow the algorithm step for "init data is not supported by the cdm."

ISO Common Encryption 2nd Edition [[!CENC-2ND]] also specifies storage of a 'pssh' box base64 encoded in an XML element of the form <cenc:pssh (base64 'pssh')>. For instance, DASH manifests may provide 'pssh' boxes in this format, each contained in a ContentProtection Descriptor element identified by a SystemID. These 'pssh' boxes may be decoded and concatenated by an application to provide equivalent Initialization Data to that stored in movie or movie fragment boxes.

Common SystemID and PSSH Box Format

This section defines a common open SystemID and PSSH box format for use with EME. Key System implementations supporting ISO Common Encryption MUST support this SystemID and format. Media resources for use with EME SHOULD contain appropriate PSSH box(es) for this SystemID.

Use of this SystemID is RECOMMENDED for applications, packagers, and implementors. Use of other SystemIDs with the EME APIs is discouraged. 'pssh' box(es) for this SystemID SHOULD be included in all new or repackaged content so that the content can be used with any compliant Key System. For existing content, applications may alternatively obtain a 'pssh' box containing this SystemID or another Initialization Data Type (e.g. keyids) from another source.

Implementations MAY support other SystemIDs for backwards compatibility with existing streams.

uses this SystemID for ISO Common Encryption content. When is called with initDataType "cenc", the Clear Key CDM will use the PSSH box with this SystemID to generate a license request.

Definition

The SystemID is 1077efec-c0b2-4d02-ace3-3c1e52e2fb4b.

The PSSH box format is as follows. It follows version 1 of the 'pssh' box as defined in ISO Common Encryption 2nd Edition [[!CENC-2ND]].

version: 1

KID and KID_count: The Key ID(s) represented by the PSSH box. For example, those key ID(s) used by the ISO Base Media File Format Movie ('moov') or Movie Fragment ('moof').

Data and DataSize: Reserved for future use. DataSize SHALL be set to 0 when constructing this box. When processing, if dataSize is non-zero the Data field SHALL be ignored.

Example

The following example contains two key IDs.

var pssh = [
    0x00, 0x00, 0x00, 0x44, 0x70, 0x73, 0x73, 0x68, // BMFF box header (68 bytes, 'pssh')
    0x01, 0x00, 0x00, 0x00,                         // Full box header (version = 1, flags = 0)
    0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02, // SystemID
    0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b,
    0x00, 0x00, 0x00, 0x02,                         // KID_count (2)
    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, // First KID ("0123456789012345")
    0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
    0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, // Second KID ("ABCDEFGHIJKLMNOP")
    0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
    0x00, 0x00, 0x00, 0x00,                         // Size of Data (0)
];
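
The following is an added example, not part of the specification or of any user agent's code: a bounds-checked walk over concatenated 'pssh' boxes that finds the box with the common SystemID and returns its Key IDs, as the Initialization Data and Definition sections describe. The function name, the made-up second SystemID, and the choice to reject box sizes 0 and 1 (the "to end of file" and 64-bit forms) are assumptions of this sketch.

```javascript
// Added example: locate the common-SystemID 'pssh' box in EME "cenc" initData.
const COMMON_SYSTEM_ID = "1077efecc0b24d02ace33c1e52e2fb4b";
const hex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Returns the KIDs (hex strings) of the first version 1 'pssh' box carrying the
// common SystemID, or null if none is present. Throws on malformed input.
function findCommonPsshKeyIds(initData) {
  const view = new DataView(initData.buffer, initData.byteOffset, initData.byteLength);
  let offset = 0;
  while (offset < initData.length) {
    if (initData.length - offset < 32) throw new Error("truncated 'pssh' box");
    const size = view.getUint32(offset); // big-endian, as in BMFF
    const type = String.fromCharCode(...initData.subarray(offset + 4, offset + 8));
    // 32 bytes is the smallest 'pssh' box; the declared size must fit the buffer.
    if (type !== "pssh" || size < 32 || size > initData.length - offset) {
      throw new Error("malformed 'pssh' box at offset " + offset);
    }
    const version = initData[offset + 8];
    const systemId = hex(initData.subarray(offset + 12, offset + 28));
    if (version === 1 && systemId === COMMON_SYSTEM_ID) {
      const kidCount = view.getUint32(offset + 28);
      // 36 = box header + full box header + SystemID + KID_count + DataSize.
      if (kidCount > (size - 36) / 16) throw new Error("KID_count exceeds box size");
      const kids = [];
      for (let i = 0; i < kidCount; i++) {
        const start = offset + 32 + 16 * i;
        kids.push(hex(initData.subarray(start, start + 16)));
      }
      return kids; // Data and DataSize are reserved and ignored
    }
    offset += size; // unsupported SystemID or version: skip to the next box
  }
  return null; // caller follows the "init data is not supported" path
}

// Constructed sample: a version 0 box with a made-up SystemID (0xaa repeated),
// then the two-KID box from the example above (size 8+4+16+4+32+4 = 68 = 0x44).
const foreignBox = [0, 0, 0, 0x24, 0x70, 0x73, 0x73, 0x68, 0, 0, 0, 0,
  ...new Array(16).fill(0xaa), 0, 0, 0, 4, 1, 2, 3, 4];
const commonBox = [0, 0, 0, 0x44, 0x70, 0x73, 0x73, 0x68, 1, 0, 0, 0,
  0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02,
  0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b, 0, 0, 0, 2,
  ...Array.from("0123456789012345ABCDEFGHIJKLMNOP", (c) => c.charCodeAt(0)),
  0, 0, 0, 0];
const sampleInitData = new Uint8Array([...foreignBox, ...commonBox]);
console.log(findCommonPsshKeyIds(sampleInitData));
```

Checking KID_count against the declared box size before reading any Key ID keeps a crafted count from driving reads into a neighbouring box or past the end of the buffer.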