Menu
Products
Products
Video Hosting
Upload and manage your videos in a centralized video library.
Image Hosting
Upload and manage all your images in a centralized library.
Galleries
Choose from 100+templates to showcase your media in style.
Video Messaging
Record, and send personalized video messages.
CincoTube
Create your own community video hub your team, students or fans.
Pages
Create dedicated webpages to share your videos and images.
Live
Create dedicated webpages to share your videos and images.
For Developers
Video API
Build a unique video experience.
DeepUploader
Collect and store user content from anywhere with our file uploader.
Solutions
Solutions
Enterprise
Supercharge your business with secure, internal communication.
Townhall
Webinars
Team Collaboration
Learning & Development
Creative Professionals
Get creative with a built in-suite of editing and marketing tools.
eCommerce
Boost sales with interactive video and easy-embedding.
Townhall
Webinars
Team Collaboration
Learning & Development
eLearning & Training
Host and share course materials in a centralized portal.
Sales & Marketing
Attract, engage and convert with interactive tools and analytics.
"Cincopa helped my Enterprise organization collaborate better through video."
Book a Demo
Resources
Resources
Blog
Learn about the latest industry trends, tips & tricks.
Help Centre
Get access to help articles FAQs, and all things Cincopa.
Partners
Check out our valued list of partners.
Product Updates
Stay up-to-date with our latest greatest features.
Ebooks, Guides & More
Customer Stories
Hear how we've helped businesses succeed.
Boost Campaign Performance Through Video
Discover how to boost your next campaign by using video.
Download Now
Pricing
Log in
Get a demo
Get Started
Protecting premium video content across open networks requires secure encryption and license control. Integrating DRM ( Digital Rights Management ) into HLS and DASH streams ensures that only authorized devices can decrypt and play your media, even when distributed through public content delivery networks (CDNs). Both HLS and DASH support encrypted streaming using shared encryption standards and DRM signaling. When combined with a compliant license server, this setup prevents unauthorized access, copying, or redistribution of valuable video assets. Prerequisites Before integrating DRM into your streaming workflow, make sure you have the following: Source video files (MP4 or MXF) suitable for transcoding and segmentation. Access to DRM‑capable packaging tools, such as Shaka Packager, AWS Elemental MediaPackage, Azure Media Services, or Bento4. Accounts or credentials for DRM providers like Apple FairPlay, Google Widevine, and Microsoft PlayReady. A server or cloud environment for hosting encrypted streams and manifests (HLS or DASH). Basic knowledge of HTTPS, REST APIs, and HTTP adaptive streaming principles. Optional but recommended: a multi‑DRM license service (e.g., EZDRM, Irdeto, or Axinom) to handle keys and entitlements for all supported DRMs. Prepare Your Video Content for Streaming Adaptive bitrate streaming delivers multiple quality renditions to match the viewer's bandwidth. You first encode and segment your video to prepare it for secure delivery. Step 1 : Transcode source content into multiple bitrate renditions using FFmpeg or a cloud transcoder. Step 2 : Segment the renditions into small chunks (typically 2‑6 seconds) suitable for adaptive switching. Step 3 : Generate manifest files: For HLS, create .m3u8 playlists listing each segment. For DASH, generate an .mpd (Media Presentation Description). Step 4 : Verify stream integrity by testing playback with an unencrypted player before applying DRM. This provides a solid base for encryption and packaging into your target formats. Encrypt Content with DRM Both HLS and DASH use standardized encryption methods for DRM interoperability. Rather than encrypting separately for each platform, you use Common Encryption (CENC) and optionally CMAF ( Common Media Application Format ) so that one set of encrypted segments works across all DRMs. Step 1 : Generate content encryption keys (CEKs), one per title or track. These are 128‑bit AES keys stored securely in your DRM or key management system. Step 2 : Apply encryption with a DRM‑aware packager, not basic FFmpeg encryption. Tools like Shaka Packager or Bento4 embed DRM signaling automatically. Step 3 : Add DRM‑specific metadata in the manifest files: PlayReady : Insert PSSH (Protection System Specific Header) box with system ID 9a04f079-9840-4286-ab92-e65be0885f95 . Widevine : Add PSSH box with system ID edef8ba9-79d6-4ace-a3c8-27dcd51d21ed . FairPlay : Include the EXT‑X‑KEY tag in HLS playlists referencing your license (key) URI. Step 4 : Output standardized container formats: CMAF (fMP4) : Single encrypted segments usable by both HLS and DASH. HLS (MPEG‑TS or fMP4) for legacy Apple devices. DASH (fMP4) for browsers, Android, and most smart TVs. Step 5 : Validate encryption results using playback tests or manifest inspection tools to confirm DRM metadata is present. CENC and CMAF greatly reduce duplication, as one encrypted output works across multiple platforms and DRMs. Configure Your License Delivery Service A DRM license server issues decryption keys to authorized clients. Each DRM (FairPlay, Widevine, PlayReady) uses a slightly different communication protocol, but a unified multi‑DRM backend makes this consistent. Step 1 : Register your keys and Key IDs (KIDs) with a DRM or multi‑DRM provider. Each license server must reference the same KID that the packager used during encryption. Step 2 : Set up secure HTTPS license endpoints to handle requests from players. Step 3 : Enable entitlement logic: validate user identity and playback rights through OAuth tokens, session IDs, or signed URLs. Step 4 : Integrate with key exchange standards: SPEKE (Secure Packager and Encoder Key Exchange) for AWS MediaPackage or Elemental. CPIX (Content Protection Information Exchange) for exchanging encryption data between systems. Step 5 : Test license acquisition with tools like Shaka Player DRM test, FairPlay SDK test, or Azure Test Player. The license server authenticates requests and issues short‑lived decryption keys that allow playback while maintaining full content control. Integrate DRM with HLS Streams (FairPlay) FairPlay Streaming (FPS) protects HLS playback on Apple platforms using Sample‑AES encryption and a dedicated key server trust model. Step 1 : Obtain a FairPlay certificate and relevant keys from Apple’s developer ecosystem. Step 2 : Build or configure a FairPlay key server (can be managed by the DRM service). It authenticates the client and returns the decryption key in an Apple‑defined binary format. Step 3 : Use AVFoundation and FairPlay APIs in your iOS or tvOS app to handle license requests automatically. Step 4 : Reference the key URI in your HLS manifest with an EXT‑X‑KEY tag including METHOD=SAMPLE‑AES and your key server URL. Step 5 : During playback, the AVPlayer automatically: Detects encrypted content. Requests the license from the FairPlay key server. Decrypts segments internally after authorization. All decryption occurs in hardware or OS‑level modules, offering robust protection on Apple devices. Integrate DRM with DASH Streams (Widevine & PlayReady) DASH streaming supports multiple DRMs using the same encrypted segments via CENC and PSSH boxes. Widevine and PlayReady are the most widely used for DASH playback. Step 1 : For browsers, use an HTML5 player with Encrypted Media Extensions (EME) such as Shaka Player or dash.js. Step 2 : For Android, use MediaDrm APIs or ExoPlayer, which supports Widevine Modular DRM. Step 3 : For Windows or Xbox, use MediaProtectionManager APIs for PlayReady. Step 4 : Configure the player’s license acquisition URL to point to the correct multi‑DRM license server endpoint. Step 5 : When playback starts, the player detects encrypted segments and requests a license from the appropriate DRM server using PSSH metadata. Upon receiving the license, the Content Decryption Module (CDM) decrypts segments transparently to the app. This standardized process keeps DRM logic out of your application code—the DRM component in the OS or browser handles it securely. Test and Deploy Your DRM‑Protected Streams Before making your streams public, validate that encryption, playback, and license operations work cleanly across devices and networks. Step 1 : Test license responses and playback on representative devices, such as iOS/tvOS for FairPlay, Android and Chrome for Widevine, and Windows or Edge for PlayReady. Step 2 : Check adaptive bitrate (ABR) switching under varying network conditions. Step 3 : Simulate license denial or expiration scenarios to ensure unlicensed playback fails. Step 4 : Monitor logs from the license server and CDN for PSSH mismatches or token failures. Step 5 : Deploy encrypted assets and manifests to your production CDN over HTTPS. Step 6 : Rotate encryption keys and certificates periodically to maintain ongoing content security. This final step confirms that your HLS and DASH DRM pipelines operate consistently and meet security and playback-quality standards.
Video Hosting
Image Hosting
Galleries
Video Messaging
CincoTube
Pages
Live
