Use EZDRM PlayReady DRM with Wowza Streaming Engine

This article describes how to set up and use Wowza DRM with Wowza Streaming Engine™ media server software and EZDRM PlayReady DRM.

Download and install the EZDRM plugin for Wowza Streaming Engine

  1. Download the EZDRM Wowza Module Java plugin.
  2. Copy and paste the downloaded EzdrmWowzaModule.jar file into [wowza-install-dir]/lib.
  3. Restart Wowza Streaming Engine.

Create and configure an EZDRM DRM key file

For Wowza Streaming Engine stream, the EZDRM Wowza plugin calls the DRM key(s) that correspond to the ContentID. Before you want to stream, create DRM key set (ContentID) entries in the EZDRM DRM-as-a-Service Key API for each stream. This is well suited to adaptive bitrate streaming.

Generate an EZDRM DRM key

There are two ways to create DRM key files: the EZDRM web service or a scripted curl web service call. In both cases you must provide the following information:

Parameter Value
U Your EZDRM user name.
P Your EZDRM password.
C (Optional) A ContentID if you want to encrypt a stream with an existing ContentID. All streams that use the same ContentID will share one license.

Note: A unique ContentID is generated the first time you use the web service. To generate a new ID, send a blank value for the ContentID; to call an existing ID, specify the ContentID.

Request a DRM key with the EZDRM Web Service

  1. Open the EZDRM web service in a browser.
  2. Enter your EZDRM user name (U), password (P), and (optional) ContentID (C). information, and then click Invoke.

Request a DRM key with a curl script

Run the following curl script, or another scripted web service call, to retrieve the DRM values from the EZDRM web service where [ezdrm-account-username] is your EZDRM user name and [ezdrm-account-password] is the password associated with your EZDRM user name. You can also specify the ContentID for the value of C; if you don't specify a ContentID, you must use double quotation marks ("") to pass a blank value, as shown in the example script below.

curl -v '[ezdrm-account-username]&P=[ezdrm-account-password]&C=“”'

The following values in the EZDRM response must be used to create the key file and configure Wowza Streaming Engine to use the EZDRM module: Widevine/ContentIDPlayReady/KeyPlayReady/KeyIDGUIDPlayReady/LAURL, and PlayReady/Checksum.


Create an EZDRM PlayReady key file

Key files are text files with a .key file extension stored in the Wowza Streaming Engine [install-dir]/keys directory. Key files must be named in the format of [streamName].key. For example, to protect the stream myStream.mp4, the key file would be [install-dir]/keys/myStream.mp4.key.

Note: Each live stream and VOD asset must have a separate key file named [streamName].key.

Each key file must contain the following:

smoothstreaming-playready-key-id: [KeyIDGuid]
smoothstreaming-playready-license-url: [LAURL]
smoothstreaming-playready-content-key: [Key]
smoothstreaming-playready-checksum: [CheckSum]
smoothstreaming-playready-algorithm: AESCTR


  • [KeyIDGUID] is the media key ID (KeyIDGUID) value in the <PlayReady> section of the EZDRM response.
  • [Key] is the base-64 encoded content encryption Key value in the <PlayReady> section of the EZDRM response.
  • [LAURL] is the PlayReady license URL for encryption (LAURL) value in the <PlayReady> section of the EZDRM response.
  • [Checksum] is the Checksum value in the <PlayReady> section of the EZDRM response. This is a special checksum of the key ID and is required to authenticate the player. 

Configure the Wowza Streaming Engine stream and EZDRM module

Create and configure an application to ingest the source stream

  1. Use one of the following articles to create an application:

To set up DVR streaming, follow the live streaming instructions and then see Wowza nDVR overview.

  1. Use your player or the test players on the Video Test Players webpage to verify that you can play an unencrypted stream in the example Silverlight player. The following is an example of the playback URL structure:

    Where [address] is the IP address or domain of your Wowza Streaming Engine server, [application-name] is the name of your streaming application (either live or vod), and [stream-name] is the name of your stream (myStream).

    For nDVR, use the following playback URL structure:

Add and configure the EZDRM module in Wowza Streaming Engine Manager

You must add the module to the application and then configure the module's properties.

Note: Access to the Properties and Modules tabs is limited to administrators with advanced permissions. For more information about how to configure access, see Manage credentials.
  1. In Wowza Streaming Engine Manager, click the Applications tab at the top of the page, and then click live in the contents panel.
    Note: This article uses the live application that installs with Wowza Streaming Engine. If you want to use a different application, select it instead from the contents panel.
  2. On the application page Modules tab, click Edit, and then click Add Module.
  3. In the Add New Module dialog, enter the following information, and then click Add.
    • Name – EZDRM
    • Description – EZDRM
    • Fully Qualified Class Name – com.ezdrm.wowza.EzdrmWowzaModule
  4. On the application page Properties tab, click Custom in the Quick Links bar.
  5. In the Custom section, click Edit.
  6. Click Add Custom Property, specify the following settings in the Add Custom Property dialog box, and then click Add:
    Path Name Type Value
    /Root/Application username String Your EZDRM user name.
    /Root/Application password String The password associated with the value provided for the username property. 
    /Root/Application contentId String The ContentID returned in the EZDRM response.
    /Root/Application ezdrmUrl String Enter This is the EZDRM Key API URL.
    /Root/Application debugFlag Boolean (Optional) Enables logging in the Wowza Streaming Engine logs for troubleshooting. Set to true to enable logging. The default value is false.

  7. Click Save and then restart the application to apply your changes. 

Add and configure the EZDRM module in XML

Notes: Skip this section if you configured the EZDRM module in Wowza Streaming Engine Manager. Editing the XML file directly is an alternative way to add and configure the module.
  1. Edit [install-dir]/conf/[application-name]/Application.xml and add the following <Module> as the last entry in the <Modules> list:
  2. Edit [install-dir]/conf/[application-name]/Application.xml and add the following properties to the application-level <Properties> container at the bottom of the file (be sure to get the correct <Properties> container; there are several in the Application.xml file):

    Where [ezdrm-account-username] is your EZDRM user name, [ezdrm-account-password] is your EZDRM password associated with the specified user name, and [ezdrm-contentID] is the ContentID generated for the stream.

  3. If you're delivering a live stream, start Wowza Streaming Engine and send the stream from your encoder to the server.

Test the DRM configuration

Test playback with encryption

  1. Log in to the EZDRM website.
  2. In the Members Area, click PlayReady DRM Samples and Links. This provides information about creating a test player.
  3. On your test player webpage, enter the following URL into the Stream field and then click Connect:

    Where [address] is the IP address or domain of your Wowza Streaming Engine server, [application-name] is the name of your streaming application (either live or vod), and [stream-name] is the name of your stream (myStream).

    For nDVR, use the following URL structure:

Verify the DRM configuration with logs

When you've configured the setup correctly, you'll see messages similar to the following in the [install-dir]/logs/wowzastreamingengine_access.log file:

comment server INFO 200 - Wowza Streaming Engine is started! - - - 1.832 -
comment server INFO 200 - ModuleDRMEZDRM.onAppStart[vod/_definst_] - - - 26.339
comment server INFO 200 - ModuleDRMEZDRM.getPlayReadyLicense[vod/_definst_]: username:[your user name] keyId:[your key]

comment server INFO 200 - ModuleDRMEZDRM.onHTTPSmoothStreamingPlayReadyCreateVOD[vod/_definst_/sample.mp4]: Protect stream: keyId:[your key]
comment server INFO 200 - LiveStreamPacketizerSmoothStreaming.init[vod/_definst_/sample.mp4]: PlayReady encrypted AESCTR: keyId: [your key]

Download the Manifest XML data in a web browser. When the stream is encrypted, you'll see the following at the end of the Manifest:
    <ProtectionHeader SystemID=[System ID]/ProtectionHeader>

Special instructions for using nDVR with DRM for Microsoft Smooth Streaming

There are several unique instructions required to successfully use Wowza nDVR with DRM for Microsoft Smooth Streaming. For more information, see Special instructions for nDVR.


If you see a message similar to the following in [install-dir]/logs/wowzastreamingengine_access.log, check that your EZDRM user name and password information has been set correctly in Application.xml.

comment server WARN 200 - ModuleDRMEZDRM.getPlayreadyLicense[vod/_definst_]: EZDRM content key is not set.
comment server WARN 200 - ModuleDRMEZDRM.onHTTPSmoothStreamingPlayReadyCreateVOD[vod/_definst_/sample.mp4]: Key request failed. ifFailFakeKey:false

More resources