This specification defines the stream format and initialization data for using ISO Base media File Format [[!BMFF]] content using the ISO Common Encryption ('cenc') protection scheme [[!CENC-1ST]] with the Encrypted Media Extensions. It also defines a common SystemID and PSSH box format for use with Encrypted Media Extensions.
The Working Group maintains a list of all bug reports that the editors have not yet tried to address.
Implementors should be aware that this specification is not stable. Implementors who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways. Vendors interested in implementing this specification before it eventually reaches the Candidate Recommendation stage should join the mailing list mentioned below and take part in the discussions.
Under the ISO Common Encryption ('cenc') protection scheme [[!CENC-1ST]], ISO Base media File Format [[!BMFF]] content is encrypted at the sample level with AES-128 CTR encryption. This protection method enables multiple Key Systems to decrypt the same media content.
Each key is identified by a Key ID and each encrypted sample is associated with the Key ID of the key needed to decrypt it. This association is signaled either through the specification of a default Key ID in the track encryption box ('tenc') or by assigning the sample to a Sample Group, the definition of which specifies a Key ID. Common encryption files may contain a mixture of encrypted and unencrypted samples.
Protection scheme signaling conforms with ISO Base media File Format [[!BMFF]]. When protection has been applied, the stream type will be transformed to 'encv' for video or 'enca' for audio, with a Protection Scheme Information Box ('sinf') added to the sample entry in the Sample Description Box ('stsd'). The Protection Scheme Information Box ('sinf') will contain a Scheme Type Box ('schm') with a scheme_type field set to a value of 'cenc' (Common Encryption).
The "encrypted block" is a sample. Determining whether a sample is encrypted depends on the corresponding Track Encryption Box ('tenc') and the sample group with grouping type 'seig' (CencSampleEncryption group), if any, associated with the sample. The default encryption state of a sample is defined by the IsEncrypted flag in the associated track encryption box ('tenc'). This default state may be modified by the IsEncrypted flag in the SampleGroupDescriptionBox ('sgpd'), pointed to by an index in the SampleToGroupBox ('sbgp').
Samples can be partially encrypted, specified by subsample information referenced by SampleAuxiliaryInformationSizesBox ('saiz') and SampleAuxiliaryInformationOffsetsBox ('saio') boxes.
For complete information, see [[!CENC-1ST]].
Common Encryption files may contain one or more protection system specific header ('pssh') boxes, each for a unique SystemID at each location where a 'pssh' box is necessary.
Initialization Data is always one or more concatenated 'pssh' boxes. An implementation (the user agent and/or CDM) MUST be able to examine multiple 'pssh' boxes in the Initialization Data to find a 'pssh' box that it supports. At least one of the concatenated 'pssh' boxes SHOULD contain the SystemID defined in the Common SystemID and PSSH Box Format section.
Each time one or more 'pssh' boxes are encountered, the Initialization Data Encountered algorithm shall be invoked with initDataType = "cenc" and initData = the 'pssh' box(es). Multiple 'pssh' boxes MUST be provided together if and only if they appear directly next to each other in the file.
If a supported 'pssh' box (based on SystemID) is not found while processing the initData in the createSession() algorithm, follow the algorithm step for "init data is not supported by the cdm."
ISO Common Encryption 2nd Edition [[!CENC-2ND]] also specifies storage of a 'pssh' box base64 encoded in an XML element of the form <cenc:pssh (base64 'pssh')>. For instance, DASH manifests may provide 'pssh' boxes in this format, each contained in a ContentProtection Descriptor element identified by a SystemID. These 'pssh' boxes may be decoded and concatenated by an application to provide equivalent Initialization Data to that stored in movie or movie fragment boxes.
This section defines a common open SystemID and PSSH box format for use with EME. Key System implementations supporting ISO Common Encryption MUST support this SystemID and format. Media resources for use with EME SHOULD contain appropriate PSSH box(es) for this SystemID.
Use of this SystemID is RECOMMENDED for applications, packagers, and implementors. Use of other SystemIDs with the EME APIs is discouraged. 'pssh' box(es) for this SystemID SHOULD be included in all new or repackaged content so that the content can be used with any compliant Key System. For existing content, applications may alternatively obtain a 'pssh' box containing this SystemID or another Initialization Data Type (e.g. keyids) from another source.
Implementations MAY support other SystemIDs for backwards compatibility with existing streams.
Clear Key uses this SystemID for ISO Common Encryption content.
When createSession() is called with initDataType "cenc", the Clear Key CDM will use the PSSH box with this SystemID to generate a license request.
The SystemID is 1077efec-c0b2-4d02-ace3-3c1e52e2fb4b.
The PSSH box format is as follows. It follows version 1 of the 'pssh' box as defined in ISO Common Encryption 2nd Edition [[!CENC-2ND]].
The following example contains two key IDs.
var pssh = [
    0x00, 0x00, 0x00, 0x44, 0x70, 0x73, 0x73, 0x68, // BMFF box header (68 bytes, 'pssh')
    0x01, 0x00, 0x00, 0x00,                         // Full box header (version = 1, flags = 0)
    0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02, // SystemID
    0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b,
    0x00, 0x00, 0x00, 0x02,                         // KID_count (2)
    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, // First KID ("0123456789012345")
    0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
    0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, // Second KID ("ABCDEFGHIJKLMNOP")
    0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
    0x00, 0x00, 0x00, 0x00,                         // Size of Data (0)
];
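The following is an added example, not part of this specification: one way an implementation could walk concatenated 'pssh' boxes in "cenc" Initialization Data, bounds-checking every length field before using it, and select the box carrying the common SystemID. The function names parsePsshBoxes and commonSystemKids, the made-up SystemID in the first sample box, and the choice to reject box sizes 0 and 1 and unknown versions are assumptions of this example.

```javascript
// Added example (not from the specification): strict "cenc" initData parser.
const COMMON_SYSTEM_ID = '1077efecc0b24d02ace33c1e52e2fb4b';
const hex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
const fromHex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));

// Returns [{ systemId, version, kids, dataSize }]; throws on malformed input.
function parsePsshBoxes(initData) {
  const view = new DataView(initData.buffer, initData.byteOffset, initData.byteLength);
  const boxes = [];
  let pos = 0;
  while (pos < initData.length) {
    const left = initData.length - pos;
    // Smallest legal box: header 8 + version/flags 4 + SystemID 16 + DataSize 4.
    if (left < 32) throw new Error('truncated box at offset ' + pos);
    const size = view.getUint32(pos); // big-endian; 0 and 1 (largesize) are rejected
    const type = String.fromCharCode(...initData.subarray(pos + 4, pos + 8));
    if (type !== 'pssh') throw new Error('not a pssh box at offset ' + pos);
    if (size < 32 || size > left) throw new Error('bad box size at offset ' + pos);
    const end = pos + size;
    const version = initData[pos + 8];
    if (version > 1) throw new Error('unknown pssh version at offset ' + pos);
    const systemId = hex(initData.subarray(pos + 12, pos + 28));
    let p = pos + 28;
    const kids = [];
    if (version === 1) {
      const count = view.getUint32(p);
      p += 4;
      // Bound KID_count by the bytes actually left, keeping 4 for DataSize.
      if (count > (end - p - 4) / 16) throw new Error('KID_count overruns box at offset ' + pos);
      for (let i = 0; i < count; i++, p += 16) kids.push(hex(initData.subarray(p, p + 16)));
    }
    const dataSize = view.getUint32(p);
    if (dataSize !== end - p - 4) throw new Error('DataSize mismatch at offset ' + pos);
    boxes.push({ systemId, version, kids, dataSize });
    pos = end;
  }
  return boxes;
}
// KIDs from the first version 1 box carrying the common SystemID, else null.
function commonSystemKids(initData) {
  const box = parsePsshBoxes(initData).find((b) => b.version === 1 && b.systemId === COMMON_SYSTEM_ID);
  return box ? box.kids : null;
}
// Constructed sample: a version 0 box with a made-up SystemID and 4 opaque
// bytes, followed by a version 1 box for the common SystemID with two KIDs.
const SAMPLE = fromHex(
  '0000002470737368' + '00000000' + 'ff'.repeat(16) + '00000004' + 'deadbeef' +
  '0000004470737368' + '01000000' + COMMON_SYSTEM_ID + '00000002' +
  '30313233343536373839303132333435' + '4142434445464748494a4b4c4d4e4f50' + '00000000');
```

A box whose declared size or KID_count exceeds the bytes actually present is rejected before any KID is read, so a malformed box cannot cause the parser to read past the end of the Initialization Data.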