This specification defines the stream format and initialization data for using ISO Base media File Format [BMFF] content using the ISO Common Encryption ('cenc') protection scheme [CENC-1ST] with the Encrypted Media Extensions. It also defines a common SystemID and PSSH box format for use with Encrypted Media Extensions.

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

The Working Group maintains a list of all bug reports that the editors have not yet tried to address.

Implementors should be aware that this specification is not stable. Implementors who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways. Vendors interested in implementing this specification before it eventually reaches the Candidate Recommendation stage should join the mailing list mentioned below and take part in the discussions.

This document was published by the HTML Working Group as an Editor's Draft. If you wish to make comments regarding this document, please send them to public-html-media@w3.org (subscribe, archives). All comments are welcome.

Publication as an Editor's Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

Table of Contents

1. Stream Format

Under the ISO Common Encryption ('cenc') protection scheme [CENC-1ST], ISO Base media File Format [BMFF] content is encrypted at the sample level with AES-128 CTR encryption. This protection method enables multiple Key Systems to decrypt the same media content.

Each key is identified by a Key ID and each encrypted sample is associated with the Key ID of the key needed to decrypt it. This association is signaled either through the specification of a default Key ID in the track encryption box ('tenc') or by assigning the sample to a Sample Group, the definition of which specifies a Key ID. Common encryption files may contain a mixture of encrypted and unencrypted samples.

2. Detecting Encryption

Protection scheme signaling conforms with ISO Base media File Format [BMFF]. When protection has been applied, the stream type will be transformed to 'encv' for video or 'enca' for audio, with a Protection Scheme Information Box ('sinf') added to the sample entry in the Sample Description Box ('stsd'). The Protection Scheme Information Box ('sinf') will contain a Scheme Type Box ('schm') with a scheme_type field set to a value of 'cenc' (Common Encryption).

The "encrypted block" is a sample. Determining whether a sample is encrypted depends on the corresponding Track Encryption Box ('tenc') and the sample group with grouping type 'seig' (CencSampleEncryption group), if any, associated with the sample. The default encryption state of a sample is defined by the IsEncrypted flag in the associated track encryption box ('tenc'). This default state may be modified by the IsEncrypted flag in the SampleGroupDescriptionBox ('sgpd'), pointed to by an index in the SampleToGroupBox ('sbgp').

Samples can be partially encrypted, specified by subsample information referenced by SampleAuxiliaryInformationSizesBox ('saiz') and SampleAuxiliaryInformationOffsetsBox ('saio') boxes.

For complete information, see [CENC-1ST].

3. Initialization Data and Events

Common Encryption files may contain one or more protection system specific header ('pssh') boxes, each for a unique SystemID at each location where a 'pssh' box is necessary.

Initialization Data is always one or more concatenated 'pssh' boxes. The CDM must be able to examine multiple 'pssh' boxes in the Initialization Data to find a 'pssh' box that it supports.

Each time one or more 'pssh' boxes are encountered, the Initialization Data Encountered algorithm shall be invoked with initDataType = "cenc" and initData = the 'pssh' box(es). Multiple 'pssh' boxes must be provided together if and only if they appear directly next to each other in the file.

If a supported 'pssh' box (based on SystemID) is not found while processing the initData in the createSession() algorithm, follow the algorithm step for "init data is not supported by the cdm."


'pssh' boxes stored in movie fragment boxes are intended to store keys referenced by KID in a sample group description contained in that movie fragment, where the KID in the sample group description overrides the default_KID specified for the track in the track encryption box ('tenc'). Each 'moof'/'pssh' box must protect the contained keys with a SystemID specific method. Sample groups and 'pssh' key storage in movie fragments enable keys to be changed and accessed without interruption during playback of a track.


ISO Common Encryption 2nd Edition [CENC-2ND] also specifies storage of a 'pssh' box base64 encoded in an XML element of the form <cenc:pssh (base64 'pssh')>. For instance, DASH manifests may provide 'pssh' boxes in this format, each contained in a ContentProtection Descriptor element identified by a SystemID. These 'pssh' boxes may be decoded and concatenated by an application to provide equivalent Initialization Data to that stored in movie or movie fragment boxes.

4. Common SystemID and PSSH Box Format

This section defines a common open SystemID and PSSH box format for use with EME. Key System implementations supporting ISO Common Encryption should support this SystemID and format, though they may prefer another SystemID when present in the Initialization Data. It is also recommended that media resources contain appropriate PSSH box(es) for this SystemID so that they may be used by any Key System implementation that supports it.

Clear Key uses this SystemID for ISO Common Encryption content. When createSession() is called with initDataType "cenc", the Clear Key CDM will use the PSSH box with this SystemID to generate a license request.

4.1 Definition

The SystemID is 1077efec-c0b2-4d02-ace3-3c1e52e2fb4b.

The PSSH box format is as follows. It follows version 1 of the 'pssh' box as defined in ISO Common Encryption 2nd Edition [CENC-2ND].

KID and KID_count
The key ID(s) represented by the PSSH box. For example, those key ID(s) used by the Movie ('moov') or Movie Fragment ('moof').
Data and DataSize
Reserved for future use. DataSize SHALL be set to 0 when constructing this box. When processing, if dataSize is non-zero the Data field SHALL be ignored.

4.2 Example

This section is non-normative.

The following example contains two key IDs.

Example 1
var pssh = [
    0x00, 0x00, 0x00, 0x4c, 0x70, 0x73, 0x73, 0x68, // BMFF box header (76 bytes, 'pssh')
    0x01, 0x00, 0x00, 0x00,                         // Full box header (version = 1, flags = 0)
    0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02, // SystemID
    0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b,
    0x00, 0x00, 0x00, 0x02,                         // KID_count (2)  
    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, // First KID ("0123456789012345")
    0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
    0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, // Second KID ("ABCDEFGHIJKLMNOP")
    0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
    0x00, 0x00, 0x00, 0x00,                         // Size of Data (0)
See a problem? Select text and .

A. References

A.1 Normative references

ISO/IEC 14496-12:2012, Information technology -- Coding of audio-visual objects -- Part 12: ISO base media file format. International Standard. URL: http://standards.iso.org/ittf/PubliclyAvailableStandards/c061988_ISO_IEC_14496-12_2012.zip
ISO/IEC 23001-7:2012, Information technology -- MPEG systems technologies -- Part 7: Common encryption in ISO base media file format files. International Standard. URL: https://www.iso.org/obp/ui/#iso:std:iso-iec:23001:-7:ed-1:v1
ISO/IEC DIS 23001-7 2nd Edition. Draft International Standard.