Set up ME for DASH
Review these sections to add media encryption to your AMD property to encrypt DASH-format segments.
DASH support is Limited Availability
Media Encryption for DASH is currently only available to selected customers. Talk to your Akamai account team to see if you're eligible.
Supported DASH players
Currently, media encryption is supported for use with these players:
- DASH Javascript Player (DASH IF Reference Client)
DASH player requirements
There are various prerequisites your DASH player needs to meet.
Requirement | Description |
---|---|
Use HTTPS | This reduces the possibility of a man-in-the-middle attack that could compromise an encrypted media stream. Make sure your player is connecting to the Akamai edge network using HTTPS. This helps protect all applicable media keys, manifests, and playlists during delivery. HTTP connections are not supported. Individual media segments can be delivered through a standard HTTP connection from your origin to edge servers, but we recommend that you set up your AMD property to use HTTPS, exclusively.
|
Support the Clear Key DRM system | Your player needs to support Clear Key, as required by W3C Encrypted Media Extensions (EME). |
Support AES-128 encryption mode | Encrypted DASH content needs to use either the |
SegmentTemplate, only | Your manifest files need to use |
Akamai needs to be your key server | You can't use a third-party key server. By adding Media Encryption to your AMD property, you automatically set Akamai as your key server. There's nothing more you need to do. |
Add it to your property
To enable media encryption, you need to apply specific settings:
- In the Segmented Media Protection behavior, set DASH Encryption to "On".
-
You should enable Token Authentication, too. It's also available in the Segmented Media Protection behavior. It protects client access to the key file by using secure, long tokens.
-
With settings defined as desired, click Save to apply.
Specific path matches in a custom rule
If you incorporate a custom rule with specific path matches and apply media encryption for content in those paths, you also need to include the proper path to the media encryption "key file" as a path match: /AcquireLicense
.
You need to do this because the manifest associated with your target content always looks to /serve.key
to find this key. If you don't add this path match, when this AMD property is run for a request, edge servers won't be able to find the Media Encryption behavior. So, the key isn't generated and the stream fails.
Caveats and known issues
There are some things that can limit the use of media encryption in some scenarios. Before you go live with it, review these key points and take the appropriate measures.
Issue | Description |
---|---|
Byte-range playlists aren't supported | When media encryption is enabled for a stream with byte-range segments, incorrect byte ranges can be reported in the playlist file. So, when a player transitions from one bit rate to another, it can fail to append the new segment to the previous one in its playback buffer. Symptoms of this include playback failure and audio and video sync issues. We're looking to add support for byte-range requests with a future release. |
SegmentTemplate identifiers are not supported within a segment path | A DASH SegmentTemplate manifest offers support for various identifiers, such as
|
Existing stream-level encryption is passed through | If content served by your AMD property is already encrypted using stream-level encryption (such as data encrypted via a DRM system implemented on your origin server), it won't be encrypted further. Pre-encrypted content will just be passed through to the client. |
HTTP/2 is not supported | An |
Partial Object Caching is not supported | Partial object caching makes a series of range requests to fetch a segment. The content is received in ranges and the encryption logic is not supported when the content received is in ranges. |
Bit Rate Limiting is not supported | Currently, Bit Rate Limiting is not supported due to buffer issues. |
Live playback issues with Firefox | We've seen video distortions while playing encrypted DASH content on Firefox. Sometimes the distortions are observed in the beginning and improve as the stream progresses. Other times we've seen them a few minutes into the stream. |
Issue with manifest files that use the BaseURL tag | Media encryption doesn't work if the |
AquireLicense server request fails with CORS error | A request to the AcquireLicense server that's used with ClearKey DRM can fail on the player when accompanied by a CORS request. This is because it expects the
|
Instances of the "DRM: unable to create session!" error | The DASH JavaScript Player has intermittently shown this error when ClearKey encryption is used in a stream. Try refreshing the player and retry playback to remove the error. See this GitHub page for more details. |
Hostname Override isn't supported | Media encryption doesn't work with DASH streams if you have a hostname override set in your AMD property using ` |
HEVC / H.265 / MPEG-H Part 2 isn't supported | Currently, the supported video compression standard is Advanced Video Coding / H.264 / MPEG-4 Part 10. |
Standard format isn't supported | Media encryption currently does not work with DASH streams on standard formats such as Azure. |
Updated 8 months ago