Copyright © 2024 World Wide Web Consortium. W3C® liability, trademark and permissive document license rules apply.
This specification defines the stream format for using ISO Base Media File Format [ISOBMFF] content that uses the ISO Common Encryption protection schemes [CENC] with the Encrypted Media Extensions [ENCRYPTED-MEDIA].
Although the ISO Base Media File Format [ISOBMFF] associated with this format's MIME type/subtype strings supports multiple protection schemes, when used with Encrypted Media Extensions, these strings refer specifically to content encrypted and packaged using the 'cenc' or 'cbcs' protection schemes, as defined by section 4.2 of [CENC].
This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.
This document was published by the Media Working Group as a Group Note using the Note track.
This Group Note is endorsed by the Media Working Group, but is not endorsed by W3C itself nor its Members.
This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
The W3C Patent Policy does not carry any licensing requirements or commitments on this document.
This document is governed by the 03 November 2023 W3C Process Document.
ISO Base Media File Format [ISOBMFF] content that is encrypted using the ISO Common Encryption protection schemes [CENC] SHALL be encrypted at the sample level with either the 'cenc' (AES-128 CTR) or 'cbcs' (AES-128 CBC) encryption schemes, as defined in section 4.2 of [CENC]. These protection methods enable multiple Key Systems to decrypt the same media content.
Each key is identified by a key ID and each encrypted sample is associated with the key ID of the key needed to decrypt it. This association is signaled either through the specification of a default key ID in the track encryption box ('tenc') or by assigning the sample to a Sample Group, the definition of which specifies a key ID. Streams may contain a mixture of encrypted and unencrypted samples.
For a stream determined to be in the ISO Base Media File Format [ISOBMFF], the ISO Common Encryption protection schemes may be detected as follows.
Protection scheme signaling conforms with [ISOBMFF]. When protection
has been applied, the stream type will be transformed to 'encv' for
video or 'enca' for audio, with a Protection Scheme Information Box
('sinf') added to the sample entry in the Sample Description Box
('stsd'). The Protection Scheme Information Box ('sinf') will contain a
Scheme Type Box ('schm') with a scheme_type field set to a value of
'cenc'
or 'cbcs'
[CENC].
For the purposes of the Encrypted Block Encountered algorithm, encrypted blocks are identified as follows.
The encrypted block is a sample. Determining whether a sample is encrypted depends on the corresponding Track Encryption Box ('tenc') and the sample group with grouping type 'seig' (CencSampleEncryption group), if any, associated with the sample. The default encryption state of a sample is defined by the IsEncrypted flag in the associated track encryption box ('tenc'). This default state may be modified by the IsEncrypted flag in the SampleGroupDescriptionBox ('sgpd'), pointed to by an index in the SampleToGroupBox ('sbgp').
Samples can be partially encrypted, specified by subsample information referenced by SampleAuxiliaryInformationSizesBox ('saiz') and SampleAuxiliaryInformationOffsetsBox ('saio') boxes.
For complete information, see [CENC].
Streams may contain one or more Protection System Specific Header ('pssh') boxes [CENC], each for a unique SystemID, at each location where a 'pssh' box is necessary. Content using this stream format SHOULD include a box containing the Common SystemID and PSSH Box Format.
Initialization data is always one or more concatenated 'pssh' boxes as defined by the "cenc" Initialization Data Format [EME-INITDATA-REGISTRY].
Each time one or more 'pssh' boxes are encountered, the
Initialization Data Encountered algorithm SHALL be invoked
with initDataType = "cenc"
[EME-INITDATA-REGISTRY] and initData = the 'pssh'
box(es). Multiple 'pssh' boxes MUST be provided together if and only if
they appear directly next to each other in the stream.
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words MUST, SHALL, and SHOULD in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.