Show Menu
TOPICS×

Configuration properties

For property names that include .n , the n represents an integer that starts with 1 and increases for each instance of the property. For example: policy.license.customProp.n .
Property/Command Line Option Description
policy.name
-n policyname
The human-readable DRM policy name.
policy.requireKeyServer
-keyServer boolean
The following conditions apply:
  • If true, an HTTPS Key Server is required for key delivery to iOS.
  • If not specified, the default is false.
policy.enforceJailbreak
-enforceJailbreak boolean
For devices that support jailbreak detection, if true, do not allow playback when jailbreak is detected.
policy.critical
-critical boolean
Sets the criticality of the DRM policy:
  • If true, the server must understand all parts of the DRM policy, which represents default behavior.
  • If false, the server can ignore DRM policy attributes that it does not recognize.
policy.chaining.asymmetric.certfile License server certificate whose public key is used to encrypt the root encryption key for the Enhanced License Chaining . This property specifies a file that only includes the certificate.
Note: Both PEM or DER formats are supported.
policy.chaining.rootKey
-rootKey root-key
Specifies the root encryption key for the Enhanced License Chaining . If no key is specified and Enhanced License Chaining is enabled, a random key is automatically generated.
The key must be 16 bytes long and specified as hex values. Whitespace between the hex values is optional. For updates, the command-line option is not available, and the property is ignored.
policy.domain.url
-domainURL url
If domain registration is required, url specifies the URL of a domain server. For updates, the command-line option is not available, and the property is ignored.
policy.domain.anonymous
-domainAnon
Specifies whether anonymous domain registration is allowed. Sets the property to true or includes this command-line option to allow anonymous access.
Note: This option cannot be used with -domainAuthNS .
policy.domain.authNamespace
-domainAuthNS namespace
The authentication namespace for domain registration. If specified, the client needs to authenticate with a user name and password that were issued by the specified authority.
For updates, the command-line option is not available, and the property is ignored.
Note: This option cannot be used with -domainAnon .
policy.outputProtection.analog
-opAnalog AnalogOption
Analog output protection constraints, and the following values are supported:
  • NO_PROTECTION
  • USE_IF_AVAILABLE
  • USE_IF_AVAILABLE_ACP
  • USE_IF_AVAILABLE_CGMSA
  • REQUIRED
  • REQUIRED_ACP
  • REQUIRED_CGMSA
  • NO_PLAYBACK
policy.drmVersionBlacklist.n
-drmBlacklist name/value-pairs
DRM clients that are restricted from accessing protected content. This option specifies a list of versions of DRM modules that may not be used (blacklist).
The value consists of comma separated name=value pairs in the following format:
os|release|arch|model|vendor|env|screen=value
Additional name/value pairs must be comma-separated. For example, os=Win,release=2.0,arch=32 .
policy.runtimeVersionBlacklist.n
-runtimeBlacklsit name/value-pairs
Application runtimes are restricted from accessing protected content. This option specifies a list of versions of runtime modules that may not be used (blacklist).
The value consists of comma-separated name=value pairs in the following format:
os|release|application|arch|model|vendor|env|screen=value
Additional name/value pairs must be comma-separated. For example, os=Win,application=AIR .
policy.v1DeviceCapabilities
-devCapabilitiesV1 name/value-pairs
Specifies the device capabilities that are required to access protected content. The value consists of comma separated name=value pairs in the following format:
nonUserAccessibleBus|hardwareRootOfTrust=true|false
For example, nonUserAccessibleBus=false,hardwareRootOfTrust=true .
During an update, you need to apply -devCapabilitiesV1 without the remaining arguments that remove the device capabilities restriction.
policy.syncFrequency
-sync name/value-pairs
Specifies how often clients are required to send synchronization messages to the server.
If the property is not set, clients will not send synchronization messages when they play content that is protected with a DRM policy. The value consists of comma-separated name=value pairs in the following format:
start|force=numberValue
The following list provides additional information about the options:
  • (required) start specifies that the client needs to start synchronizing with the server in the specified minutes since the last synchronization.
  • (optional) force is the probability (0-100) with which the client needs to force a synchronization message during playback.
During update, use -sync without the remaining arguments to remove the synchronization requirements.
policy.useRootLicense Indicates whether this DRM policy has a root license.
For more information, see Enhanced License Chaining .
policy.startDate The date after which content becomes valid. You can apply one of the following formats:
  • yyyy-mm-dd
    For example, 2009-01-31 means January 31 at 12:00 AM.
  • yyyy-mm-dd-h24:min:sec
    For example, 2009-01-31-14:30:00 means January 31 at 2:30 PM.
policy.expiration.endDate
The date before content becomes invalid.
Note: You cannot specify policy.expiration.endDate and policy.expiration.duration concurrently.
For example, 2009-01-31-14:30:00 means that the content will expire on January 31 at 2:30 PM.
policy.expiration.duration
The time in minutes when the content becomes invalid. The time starts when you package content.
Note: You cannot specify policy.expiration.endDate and policy.expiration.duration concurrently.
policy.licenseCaching.duration
The time in minutes when a license can be cached on the client. You can set this property to 0 to prevent license caching. The value must be 0 or higher.
Note: You cannot specify policy.licenseCaching.duration and policy.licenseCaching.endDate concurrently.
This DRM policy setting is applied only to the license caching on the disk and does not control memory-cached license duration. The license can be cached in memory even if you do not specify a DRM policy with a duration of zero.
policy.licenseCaching.endDate
The date after which you can no longer cache licenses.
Note: You cannot specify policy.licenseCaching.duration and policy.licenseCaching.endDate concurrently.
policy.anonymous
Indicates whether anonymous license acquisition is allowed. The default is set to false , which means that a username and password is required.
policy.authNamespace
If a username and password is required, this property specifies an optional name qualifier for user names.
policy.customProp.n
Custom name/value pairs to be used by the server during license acquisition. You can apply the following format to specify properties: policy.customProp.n = name = value
policy.playbackWindow
Specifies the playback window in minutes. This value represents how long the license is valid after the first time that protected content is played.
policy.outputProtection.digital
Output protection constraints, which must be one of the following values:
  • NO_PROTECTION
  • USE_IF_AVAILABLE
  • REQUIRED
  • NO_PLAYBACK
policy.outputProtection.ota Specifies the over the air (OTA) connection types that should be whitelisted. Valid connection types include:
  • MIRACAST
  • AIRPLAY
  • DLNA
  • WIDI
policy.outputProtection.resolution Specifies the configuration file in which the resolution-based constraints are defined.
policy.drmMinSecurityLevel
Specifies the minimum security level to allow the DRM module to access protected content.
policy.runtimeMinSecurityLevel
The application runtime module must have at least the specified minimum security level to access protected content.
policy.allowedAIRApplication.n
A whitelist of non-Flash applications (Adobe AIR, iOS, Android, etc.) that are allowed to play protected content. The property must use the following format: pubId [: appId [:[ min ]:[ max ]]]
policy.allowedSWFApplication.n
A whitelist of SWF applications that are allowed to play protected content. The property must use the following format:
  • URL
  • file=swf_file
  • time=max_time_to_verify
swf_file is the SWF file that is used to compute the hash, and max_time_to_verify is the maximum time in seconds that is allowed for downloading and verifying the SWF to complete.
policy.license.customProp.n
Custom name/value pairs that you must include in licenses when the licenses are issued to users. You need to specify the following format:
policy.license.customProp.n=name
You can define this option multiple times for multiple custom properties.