How to set up EZDRM PlayReady DRM (Smooth Streaming)

This article describes how to set up and use Wowza DRM with EZDRM PlayReady.

  • Wowza Media Server™ 3.5 or later is required.
  • The instructions in this article require an EZDRM account. For more information, see 30-day Free Trial or sign up for the Microsoft Silverlight DRM option at


Download and install the EZDRM plugin for Wowza media server
Create and configure an EZDRM DRM key file Configure the EZDRM module in Wowza Streaming Engine Manager Test the DRM configuration Special instructions for using nDVR with DRM
More resources

Download and install the EZDRM plugin for Wowza media server

To use EZDRM with Wowza media servers, you must first download the EZDRM Wowza Module plugin and install it on your Wowza media server.

  1. Download the EZDRM Wowza Module Java DRM Plugin.
  2. Copy and paste the downloaded EzdrmWowzaModule.jar file into [wowza-install-dir]/lib.
  3. Restart the media server for your change to take effect.

Create and configure an EZDRM DRM key file

For each stream served by the Wowza media server software, the EZDRM Wowza plugin calls the DRM key(s) that correspond to the ContentID. Before you want to stream, create DRM key set (ContentID) entries in the EZDRM DRM-as-a-Service Kay API for each stream. This is well suited to adaptive bitrate streaming.

Generate an EZDRM DRM key

There are two ways to create DRM key files: the EZDRM Web Service or a scripted curl web service call. In both cases you must provide the following information:

Parameter Value
U Enter your EZDRM username.
P Enter your EZDRM password.
C (Optional) Enter a ContentID if you want to encrypt a stream with an existing ContentID. All streams that use the same ContentID will share one license.
Note: A unique ContentID is generated the first time you use the web service. To generate a new ID, send a blank value for the ContentID; to call an existing ID, specify the ContentID.

Request a DRM key with the EZDRM Web Service

  1. Open the EZDRM web service in a browser.
  2. Enter your EZDRM username (U), password (P), and (optional) ContentID (C). information, and then click Invoke.

Request a DRM key with a curl script

Run the following curl script, or another scripted web service call, to retrieve the DRM values from the EZDRM web service where [ezdrm-account-username] is replaced with your EZDRM username and [ezdrm-account-password] is replaced with the password associated with your EZDRM username. You can also specify the ContentID for the value of C; if you don't specify a ContentID, you must use double quotation marks ("") to pass a blank value, as shown in the example script below.

curl -v ‘[ezdrm-account-username]&P=[ezdrm-account-password]&C= “”’

The following values in the EZDRM response must be used to create the key file and configure Wowza media server to use the EZDRM module: Widevine/ContentIDPlayReady/KeyPlayReady/KeyIDGUIDPlayReady/LAURL, and PlayReady/Checksum.


Create an EZDRM PlayReady key file

Key files are text files with a .key file extension stored in the Wowza Streaming Engine [install-dir]/keys directory. Key files must be named in the format of [streamName].key. For example, to protect the stream myStream.mp4, the key file would be [install-dir]/keys/myStream.mp4.key.

Note: Each live stream and VOD asset must have a separate key file named [streamName].key.

Each key file must contain the following:

smoothstreaming-playready-key-id: [KeyIDGuid]
smoothstreaming-playready-license-url: [LAURL]
smoothstreaming-playready-content-key: [Key]
smoothstreaming-playready-checksum: [CheckSum]
smoothstreaming-playready-algorithm: AESCTR


  • [KeyIDGUID] is the media key ID (KeyIDGUID) value in the <PlayReady> section of the EZDRM response.
  • [Key] is the base-64 encoded content encryption Key value in the <PlayReady> section of the EZDRM response.
  • [LAURL] is the PlayReady license URL for encryption (LAURL) value in the <PlayReady> section of the EZDRM response.
  • [Checksum] is the Checksum value in the <PlayReady> section of the EZDRM response. This is a special checksum of the key ID and is required to authenticate the player. 

Use Wowza Streaming Engine Manager to configure the EZDRM module

Create and configure an application to ingest the source stream

Create a live or VOD application in Wowza Streaming Engine to ingest the source video and use the EZDRM module to protect the content.

  1. Use one of the following Tutorials to create an application:
  2. Use the Test Players in Wowza Streaming Engine or the Wowza Test Players website to verify that you can play an unencrypted stream in the example Silverlight player. The following is an example of the playback URL structure:

    Where [wowza-ip-address] is the IP address or domain of your Wowza media server, [application-name] is the name of your streaming application (either live or vod), and [stream-name] is the name of your stream (myStream).

    For nDVR, use the following playback URL structure:

Add and configure the EZDRM module

After you have downloaded and installed the EZDRM module and created a Wowza media server application, you must add the module to the application and use custom properties to configure the module.

Note: Access to the Properties and Modules tabs are limited to administrators with advanced permissions. For more information about how to configure access, see Manage credentials.
  1. Sign in to Wowza Streaming Engine Manager, click the Applications tab at the top of the page, and then click live in the contents panel.
    Note: This article uses the live application that installs with Wowza Streaming Engine. If you want to use a different application, select it instead from the contents panel.
  2. On the application page Modules tab, click Edit, and then click Add Module.
  3. In the Add New Module dialog, enter the following information, and then click Add.
    • Name: EZDRM
    • Description: EZDRM
    • Fully Qualified Class Name: com.ezdrm.wowza.EzdrmWowzaModule
  4. On the application page Properties tab, click Custom in the Quick Links bar.
  5. In the Custom section, click Edit.
  6. Click Add Custom Property, specify the following settings in the Add Custom Property dialog box, and then click Add:
    Path Name Type Value
    /Root/Application username String Your EZDRM username.
    /Root/Application password String The password associated with the value provided for the username property. 
    /Root/Application contentId String The ContentID returned in the EZDRM response.
    /Root/Application ezdrmUrl String Enter This is the EZDRM Key API URL.
    /Root/Application debugFlag Boolean (Optional) Enables logging in the Wowza Streaming Engine logs for troubleshooting. Set to true to enable logging. The default value is false.

  7. Click Save and then restart the application to apply your changes. 

(Optional) XML configuration

  • Skip this section if you completed the steps in Use Wowza Streaming Engine Manager to configure the EZDRM module.
  • Editing the XML file directly is the only way to configure Wowza Media Server. If you're using Wowza Streaming Engine 4.0 or later, we recommend using the Wowza Streaming Engine Manager to add and configure the module. However, the following instructions will also work.
  1. Edit [install-dir]/conf/[application-name]/Application.xml and add the following <Module> as the last entry in the <Modules> list:
  2. Edit [install-dir]/conf/[application-name/Application.xml and add the following properties to the application-level <Properties> container at the bottom of the file (be sure to get the correct <Properties> container - there are several in the Application.xml file):
    Where [ezdrm-account-username] is your EZDRM username, [ezdrm-account-password] is your EZDRM password associated with the specified username, and [ezdrm-contentID] is the ContentID generated for the stream.
  3. If you're delivering a live stream, start the Wowza media server and send the stream from your encoder to the server.

Test the DRM configuration

Test playback with encryption

  1. Log in to the EZDRM website.
  2. In the Members Area, click PlayReady DRM Samples and Links. This provides information about creating a test player.
  3. On your test player webpage, enter the following URL into the Stream field and then click Connect:

    Where [wowza-ip-address] is the IP address or domain of your Wowza media server, [application-name] is the name of your streaming application (either live or vod), and [stream-name] is the name of your stream (myStream).

    For nDVR, use the following URL structure:

Verify the DRM configuration with logs

When you've configured the setup correctly, you'll see messages similar to the following in the [install-dir]/logs/wowzastreamingengine_access.log file:

comment server INFO 200 - Wowza Streaming Engine is started! - - - 1.832 -
comment server INFO 200 - ModuleDRMEZDRM.onAppStart[vod/_definst_] - - - 26.339
comment server INFO 200 - ModuleDRMEZDRM.getPlayReadyLicense[vod/_definst_]: username:[your user name] keyId:[your key]

comment server INFO 200 - ModuleDRMEZDRM.onHTTPSmoothStreamingPlayReadyCreateVOD[vod/_definst_/sample.mp4]: Protect stream: keyId:[your key]
comment server INFO 200 - LiveStreamPacketizerSmoothStreaming.init[vod/_definst_/sample.mp4]: PlayReady encrypted AESCTR: keyId: [your key]

Download the Manifest XML data in a web browser. When the stream is encrypted, you'll see the following at the end of the Manifest:
     <ProtectionHeader SystemID=[System ID]/ProtectionHeader>

Special instructions for using nDVR with DRM

There are several unique instructions required to successfully use the Wowza nDVR feature with DRM for Microsoft Smooth Streaming. For more information, see Special instructions for nDVR.


If you see a message similar to the following in [install-dir]/logs/wowzastreamingengine_access.log, check that your EZDRM username and password information has been set correctly in Application.xml.

comment server WARN 200 - ModuleDRMEZDRM.getPlayreadyLicense[vod/_definst_]: EZDRM content key is not set.
comment server WARN 200 - ModuleDRMEZDRM.onHTTPSmoothStreamingPlayReadyCreateVOD[vod/_definst_/sample.mp4]: Key request failed. ifFailFakeKey:false

More resources

If you're having problems or want to discuss this article, post in our forum.