Show Menu
TOPICS×

Configuration file properties

The configuration file specifies the following properties. For property names that include n , n represents an integer starting with 1 and increasing for each instance of the property.
Property/Command Line Option Description
policy.name
-n policyname
The human-readable policy name.
policy.requireKeyServer
-keyServer boolean
If true, an HTTPS Key Server is required for key delivery to iOS. Default is false, if not specified.
policy.enforceJailbreak
-enforceJailbreak boolean
If true, for devices that support jailbreak detection, do not allow playback if jailbreak has been detected.
policy.critical
-critical boolean
Set policy criticality. If true, the server must understand all parts of the policy (this is the default behavior). If false, the server may ignore policy attributes it does not understand.
policy.chaining.asymmetric.certfile License server certificate whose public key is used to encrypt the root encryption key for the Enhanced License Chaining This property specifies a file that contains the certificate only (either PEM or DER format is acceptable).
policy.chaining.rootKey
-rootKey root-key
Specify root encryption key for the Enhanced License Chaining. If no key is specified, and Enhanced License Chaining is enabled, a random key will be generated. The key must be 16 bytes in length and specified as Hex values. Whitespace between the Hex values is optional. For updates, the command line option is not allowed, and the property is ignored.
policy.domain.url
-domainURL url
URL of domain server, if domain registration is required. For updates, the command line option is not allowed, and the property is ignored.
policy.domain.anonymous
-domainAnon
Specifies whether anonymous domain registration is allowed. Set the property to true or include this command line option to allow anonymous access. This option cannot be used with -domainAuthNS.
policy.domain.authNamespace
-domainAuthNS namespace
The authentication namespace for domain registration. If specified, the client should authenticate with a user name and password issued by the specified authority. For updates, the command line option is not allowed, and the property is ignored. This option cannot be used with -domainAnon.
policy.outputProtection.analog
-opAnalog AnalogOption
Analog output protection constraints. The following values are supported:
  • NO_PROTECTION
  • USE_IF_AVAILABLE
  • USE_IF_AVAILABLE_ACP
  • USE_IF_AVAILABLE_CGMSA
  • REQUIRED
  • REQUIRED_ACP
  • REQUIRED_CGMSA
  • NO_PLAYBACK
policy.drmVersionBlacklist.n
-drmBlacklist name/value-pairs
DRM clients restricted from accessing protected content. This option specifies a list of versions of DRM modules that may not be used (black list). The value consists of comma separated name=value pairs with the following format:
os|release|arch|model|vendor|env|screen=value
Additional name/value pairs must be comma-separated. For example: os=Win,release=2.0,arch=32 .
policy.runtimeVersionBlacklist.n
-runtimeBlacklsit name/value-pairs
Application runtimes restricted from accessing protected content. This option specifies a list of versions of runtime modules that may not be used (black list). The value consists of comma separated name=value pairs with the following format:
os|release|application|arch|model|vendor|env|screen=value
Additional name/value pairs must be comma-separated. For example, os=Win,application=AIR .
policy.v1DeviceCapabilities
-devCapabilitiesV1 name/value-pairs
Specifies device capabilities required to access protected content. The value consists of comma separated name=value pairs with the following format:
nonUserAccessibleBus|hardwareRootOfTrust=true|false
For example, nonUserAccessibleBus=false,hardwareRootOfTrust=true . During update, use -devCapabilitiesV1 without the remaining arguments to remove the device capabilities restriction.
policy.syncFrequency
-sync name/value-pairs
Specify how often clients are required to send synchronization messages to the server. If not set, clients will not send synchronization messages when playing content protected with this policy. The value consists of comma separated name=value pairs with the following format:
start|force|hardStop=numberValue
  • start (required) - Start interval specifies the client should start synchronizing with the server this many minutes since the last synchronization.
  • force (optional) - Force synchronization probability is the probability (0-100) with which the client should force a synchronization message during playback.
  • hardStop (optional) - Hard stop interval is the time in minutes after which the client will fail playback if unable to synchronize. If set, must be greater than start interval.
During update, use -sync without the remaining arguments to remove the synchronization requirements.
policy.useRootLicense Indicates whether this policy has a root license (see Enhanced License Chaining in Using Adobe Access for Protecting Content ).
policy.startDate The date after which content is valid. Use the format yyyy-mm-dd (for example, 2009-01-31 represents January 31 at 12:00 AM) or yyyy-mm-dd-h24:min:sec (for example, 2009-01-31-14:30:00 represents January 31 at 2:30 PM).
policy.expiration.endDate
The date before which content is valid. Both policy.expiration.endDate and policy.expiration.duration may not be specified concurrently. Use the format yyyy-mm-dd or yyyy-mm-dd-h24:min:sec (for example, 2009-01-31-14:30:00 represents January 31 at 2:30 PM).
policy.expiration.duration
The amount of time the content is valid (in minutes), starting from when it is packaged. Both policy.expiration.endDate and policy.expiration.duration may not be specified at the same time.
policy.licenseCaching.duration
Amount of time a license may be cached on the client (in minutes). Set this property to 0 to disallow license caching. The value must be 0 or higher. Both policy.licenseCaching.duration and policy.licenseCaching.endDate may not be used concurrently.
Note : This policy setting is applied only to the license caching on the disk. It doesn't control memory cached license duration. License can be cached on memory even if policy specified duration is zero.
policy.licenseCaching.endDate
The date after which licenses may not be cached. Both policy.licenseCaching.duration and policy.licenseCaching.endDate may not be used concurrently.
policy.anonymous
Indicates whether anonymous license acquisition is allowed. The default is "false" (username/password authentication is required) if not specified.
policy.authNamespace
If username/password authentication is required, this property specifies an optional name qualifier for user names.
policy.customProp.n
Custom name/value pairs to be used by the server during license acquisition. Use the following format for specifying properties: policy.customProp.n = name = value
policy.playbackWindow
Specifies the playback window (in minutes), which is the duration for which the license is valid after the first time it is used to play protected content.
policy.outputProtection.digital
Output protection constraints. Values must be one of the following:
NO_PROTECTION, USE_IF_AVAILABLE, REQUIRED, NO_PLAYBACK
policy.drmMinSecurityLevel
The DRM module must have the specified minimum security level, or higher, to access protected content.
policy.runtimeMinSecurityLevel
The application runtime module must have the specified minimum security level, or higher, to access protected content.
policy.allowedAIRApplication.n
A white list of Adobe AIR or iOS applications allowed to play protected content. The property must use the following format: pubId [: appId [:[ min ]:[ max ]]]
policy.allowedSWFApplication.n
A white list of SWF applications allowed to play protected content. Use the following format:
URL or file= swf_file ,time= max_time_to_verify swf_file is the SWF file for which to compute the hash and max_time_to_verify is the maximum time to allow for download and verification of the SWF to complete (in seconds).
policy.license.customProp.n
Custom name/value pairs to be included in licenses issued to users. Use the following format:
policy.license.customProp.n = name = value
This option can be defined multiple times for multiple custom properties.