Show Menu
TOPICS×

Using External CEK to Vend and Package Licenses

Use the External CEK feature to vend and package licenses using your existing CKMS.

EncryptContentWithExternalKey.java

This is a command line tool that will AAXS-encrypt a video and create metadata that will not contain the CEK (protected with an AAXS license server's public cert). Instead, the tool embeds a CEK ID into the video's metadata.
During license acquisition, the AAXS license server observes a flag in the metadata identifying that this content was protected using an External CEK. The license server will extract the CEK ID from the metadata and then query a secure repository/CKMS to retrieve the appropriate CEK.

Packaging Workflow

  1. Ensure you are using Java 1.6.0_24 or later.
  2. To see the tool usage: java -jar AdobePackager_ExternalCEK.jar
  3. To package content:
    java -jar AdobePackager_ExternalCEK.jar sample.flv encrypted.flv abc abcdef0123456789 
        policy.pol https://path-to-your-server:8090 <license-server-public-cert.pem> 
        <license-server-private-key.pfx> <private-key-password>
    
    
  • The Java source code can be built using the included ANT build-samples.xml
  • The Flash Access SDK ( adobe-flashaccess-sdk.jar ) must be on the classpath

Server Workflow

  1. Set up the Reference Implementation.
  2. If any exist, clean up previous Reference Implementation deployments:
    1. delete <tomcat>\work\Catalina*.*
    2. delete <tomcat>\conf\Catalina*.*
    3. delete <tomcat>\logs*.*
  3. Verify that there is a CEKDepot.properties file alongside your flashaccess-refimpl.properties
  4. Initiate a license request from an Adobe Primetime Player
  5. Observe Ref Impl logs for something similar to:
    DEBUG [com.adobe.flashaccess.refimpl.web.RefImplLicenseReqHandler.REQUESTS] 
      Used CEK ID:{abc} to retrieve CEK: {abcdef0123456789} from depot
    
    
    1. You may have to change your log4j.xml settings to log at a DEBUG level ( INFO is set by default)

Known Issues

None