Use EZDRM Universal DRM with Wowza Streaming Engine

EZDRM Universal DRM combines Google Widevine DRM with Microsoft PlayReady DRM. Both use linked CENC keys of MPEG-DASH streaming to enable the content owner to encrypt the media once with CENC keys and deliver either a PlayReady or a Widevine license based on the player and platform calling for a license. This article describes how to set up and use Wowza DRM with Wowza Streaming Engine™ media server software and EZDRM Universal DRM.

Download and install the EZDRM plugin for Wowza Streaming Engine


  1. Download the EZDRM Wowza Module Java plugin.
  2. Copy and paste the downloaded EzdrmWowzaModule.jar file into [wowza-install-dir]/lib.
  3. Restart Wowza Streaming Engine.

Create and configure an EZDRM DRM key file


For each Wowza Streaming Engine stream, the EZDRM Wowza plugin calls the DRM key(s) that correspond to the ContentID. Before you want to stream, create DRM key set (ContentID) entries in the EZDRM DRM-as-a-Service Key API for each stream. This is well suited to adaptive bitrate streaming.

Generate an EZDRM DRM key

There are two ways to create DRM key files: the EZDRM web service or a scripted curl web service call. In both cases you must provide the following information:

Parameter Value
U Enter your EZDRM user name.
P Enter your EZDRM password.
C (Optional) Enter a ContentID if you want to encrypt a stream with an existing ContentID. All streams that use the same ContentID will share one license.

Note: A unique ContentID is generated the first time you use the web service. To generate a new ID, send a blank value for the ContentID; to call an existing ID, specify the ContentID.

Request a DRM key with the EZDRM web service

  1. Open the EZDRM web service in a browser.
  2. Enter your EZDRM user name (U), password (P), and (optional) ContentID (C) information, and then click Invoke.

Request a DRM key with a curl script

Run the following curl script, or another scripted web service call, to retrieve the DRM values from the EZDRM web service where [ezdrm-account-username] is replaced with your EZDRM user name and [ezdrm-account-password] is replaced with the password associated with your EZDRM user name. You can also specify the ContentID for the value of C; if you don't specify a ContentID, you must use double quotation marks ("") to pass a blank value, as shown in the example script below.

curl -v 'http://wvm.ezdrm.com/ws/LicenseInfo.asmx/GenerateKeys?U=[ezdrm-account-username]&P=[ezdrm-account-password]&C=“”'

The following values in the EZDRM response must be used to create the key file and configure Wowza Streaming Engine to use the EZDRM module: Widevine/ContentIDWidevine/KeyWidevine/KeyIDGUID, Widevine/PSSH, and PlayReady/LAURL.

 

Create an EZDRM Universal key file

Key files are text files with a .key file extension stored in the Wowza Streaming Engine [install-dir]/keys directory. Key files must be named in the format of [streamName].key. For example, to protect the stream myStream.mp4, the key file would be [install-dir]/keys/myStream.mp4.key.

Note: Each live stream and VOD asset must have a separate key file named [streamName].key.

Each key file must contain the following:

mpegdashstreaming-cenc-key-id: [KeyIDGUID]
mpegdashstreaming-cenc-content-key: [Key]
mpegdashstreaming-cenc-algorithm: AESCTR
mpegdashstreaming-cenc-keyserver-playready: true
mpegdashstreaming-cenc-keyserver-playready-system-id: 9a04f079-9840-4286-ab92-e65be0885f95
mpegdashstreaming-cenc-keyserver-playready-license-url: [LAURL]
mpegdashstreaming-cenc-keyserver-widevine: true
mpegdashstreaming-cenc-keyserver-widevine-system-id: edef8ba9-79d6-4ace-a3c8-27dcd51d21ed
mpegdashstreaming-cenc-keyserver-widevine-pssh-data: [PSSH]

Where:

  • [KeyIDGUID] is the media key ID (KeyIDGUID) value in the <Widevine> section of the EZDRM response.
  • [Key] is the base-64 encoded content encryption Key value in the <Widevine> section of the EZDRM response.
  • [LAURL] is the PlayReady license URL for encryption (LAURL) value in the <PlayReady> section of the EZDRM response.
  • [PSSH] is the Widevine protection system specific header (PSSH) value in the <Widevine> section of the EZDRM response.

Configure the Wowza Streaming Engine stream and EZDRM module


Create and configure an application to ingest the source stream

  1. Use one of the following articles to create an application:
     

To set up DVR streaming, follow the live streaming instructions and then see Wowza nDVR overview.

  1. Use your player or the test players on the Video Test Players webpage to verify that you can play an unencrypted stream in the example MPEG-DASH player. The following is an example of the playback URL structure:
     
    http://[wowza-ip-address]:1935/[application-name]/[stream-name]/manifest.mpd

    Where [wowza-ip-address] is the IP address or domain of your Wowza Streaming Engine server, [application-name] is the name of your streaming application, and [stream-name] is the name of your stream (myStream).

    For nDVR, use the following playback URL structure:

    http://[wowza-ip-address]:1935/[application-name]/[stream-name]/manifest.mpd?DVR

Add and configure the EZDRM module in Wowza Streaming Engine Manager

You must add the module to the application and then configure the module's properties.

Note: Access to the Properties and Modules tabs is limited to administrators with advanced permissions. For more information about how to configure access, see Manage credentials.
  1. In to Wowza Streaming Engine Manager, click the Applications tab at the top of the page, and then click the name of your application in the contents panel.
  2. On the application page Modules tab, click Edit, and then click Add Module.
  3. In the Add New Module dialog, enter the following information, and then click Add.
     
    • Name: EZDRM
    • Description: EZDRM
    • Fully Qualified Class Name: com.ezdrm.wowza.EzdrmWowzaModule
  4. On the application page Properties tab, click Custom in the Quick Links bar.
  5. In the Custom section, click Edit.
  6. Click Add Custom Property, specify the following settings in the Add Custom Property dialog box, and then click Add:
     
    Path Name Type Value
    /Root/Application username String Your EZDRM user name.
    /Root/Application password String The password associated with the value provided for the username property. 
    /Root/Application contentId String The ContentID returned in the EZDRM response.
    /Root/Application ezdrmUrl String Enter https://wvm.ezdrm.com/ws/LicenseInfo.asmx/GenerateKeys. This is the EZDRM Key API URL.
    /Root/Application debugFlag Boolean (Optional) Enables logging in the Wowza Streaming Engine logs for troubleshooting. Set to true to enable logging. The default value is false.

  7. Click Save and then restart the application. 

Add and configure the EZDRM module in XML

Notes: Skip this section if you configured the EZDRM module in Wowza Streaming Engine Manager. Editing the XML file directly is an alternative way to configure the module.
  1. Edit [install-dir]/conf/[application-name]/Application.xml and add the following <Module> as the last entry in the <Modules> list:
     
    <Module>
        <Name>EZDRM</Name>
        <Description>EZDRM</Description>
        <Class>com.ezdrm.wowza.EzdrmWowzaModule</Class>
    </Module>
  2. Edit [install-dir]/conf/[application-name/Application.xml and add the following properties to the application-level <Properties> container at the bottom of the file (be sure to get the correct <Properties> container; there are several in the Application.xml file):
     
    <Property>
      <Name>username</Name>
      <Value>[ezdrm-account-username]</Value>
      <Type>String</Type>
    </Property>
    <Property>
      <Name>password</Name>
      <Value>[ezdrm-account-password]</Value>
      <Type>String</Type>
    </Property>
    <Property>
      <Name>contentId</Name>
      <Value>[ezdrm-contentID]</Value>
      <Type>String</Type>
    </Property>
    <Property>
      <Name>ezdrmUrl</Name>
      <Value>https://wvm.ezdrm.com/ws/LicenseInfo.asmx/GenerateKeys</Value>
      <Type>String</Type>
    </Property>
    <Property>
      <Name>debugFlag</Name>
      <Value>true</Value>
      <Type>Boolean</Type>
    </Property>

    Where [ezdrm-account-username] is your EZDRM user name, [ezdrm-account-password] is your EZDRM password associated with the specified user name, and [ezdrm-contentID] is the ContentID generated for the stream.

  3. If you're delivering a live stream, start Wowza Streaming Engine and send the stream from your encoder to the server.

Test the DRM configuration


Test playback with encryption

  1. Log in to the EZDRM website.
  2. In the Members Area, click Widevine DRM Player and Playback Help. This provides information about creating a test player.
  3. On your test player webpage, enter the following URL into the Stream field and then click Connect:
     
    http://[wowza-ip-address]:1935/[application-name]/[stream-name]/manifest.mpd

    Where [wowza-ip-address] is the IP address or domain of your Wowza Streaming Engine server, [application-name] is the name of your streaming application, and [stream-name] is the name of your stream (myStream).

    For nDVR, use the following URL structure:
     
    http://[wowza-ip-address]:1935/[application-name]/[stream-name]/manifest.mpd?DVR

Troubleshooting


If you see a message similar to the following in [install-dir]/logs/wowzastreamingengine_access.log, check that your EZDRM user name and password information is correct in Application.xml.

comment server WARN 200 - EZDRM.getWidevineLicense[myApplication/_definst_]: EZDRM content key is not set.
comment server WARN 200 - EZDRM.onHTTPMpegDashWidevineCreateVOD[myApplication/_definst_/sample.mp4]: Key request failed. ifFailFakeKey:false

More resources