With a long history as a proponent of the CPIX (Content Protection Information Exchange) standard, Axinom maintains and publishes an open-source implementation of the CPIX document format since version 1.0 was published.

CPIX

Overview

Content Protection Information Exchange Format (CPIX) is a standard published by the DASH Industry Forum. It regulates the exchange of content encryption keys and related information between the parties involved, such as Packagers, Encryption Engines, CMS, etc.

A CPIX document contains keys and DRM information used for encrypting and protecting content and can be used for exchanging this information among entities needing it in many possibly different workflows for preparing, for example, DASH or HLS content. The CPIX document itself can be encrypted, signed, and authenticated so that its receivers can be sure that its confidentiality, source, and integrity are also protected.

CPIX is a sophisticated XML format suitable for various scenarios and capable of embracing different information about the keys, DRM systems, and the usage rules. However, in its simplest form, a CPIX document can be just a collection of keys, including their IDs and values.

Simple CPIX document example (version 2.0)
<?xml version="1.0" encoding="utf-8"?>
<CPIX xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:dashif:org:cpix" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:enc="http://www.w3.org/2001/04/xmlenc#" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc">
	<ContentKeyList>
		<ContentKey kid="1294b959-9d75-5de2-bbf0-fdca3fa5eab8" explicitIV="ez6RSem1PE2CdoSC9jXosg==">
			<Data>
				<pskc:Secret>
					<pskc:PlainValue>MDEyMzQ1Njc4OWFiY2RlZg==</pskc:PlainValue>
				</pskc:Secret>
			</Data>
		</ContentKey>
		<ContentKey kid="2294b959-9d75-5de2-bbf0-fdca3fa5eab8" explicitIV="afqsAFfz6EqfrlsKa45yVA==">
			<Data>
				<pskc:Secret>
					<pskc:PlainValue>ZmVkY2JhOTg3NjU0MzIxMA==</pskc:PlainValue>
				</pskc:Secret>
			</Data>
		</ContentKey>
	</ContentKeyList>
    ...
</CPIX>

CPIX uses another standard - Portable Symmetric Key Container (PSKC) - to embed symmetric keys into a text document.

CPIX Versions

CPIX was first published in 2015 and has since had several versions (1.0, 2.0, 2.1, 2.2, 2.3). CPIX 2.3 is dated as of September 2020.

1.017 Jul 20202.06 Sep 20162.116 Jul 20182.222 Mar 20192.33 Sep 2020
Figure 1. CPIX versions

Main changes in 2.3 compared to 2.2 are:

  • Addition of the commonEncryptionScheme element with the CENC protection scheme value

  • Addition of the version element

  • Addition of a section on using the same content key with different encryption schemes

  • Clarification on the explicitIV element encoding

CPIX Library

Axinom products intensively make use of CPIX for exchanging the content keys. Axinom published its library for reading/writing/processing the CPIX documents under open source terms (MIT license) in 2016 and keeps maintaining it. The library for the .NET Standard is written in C# and is available as source code on Github and as a Nuget on the Nuget website. It supports CPIX 2.3 (see CPIX Versions).

CPIX Usage by Axinom Key Service

Most of the endpoints of the Key Acquisition API use CPIX for keys delivery. For example, SPEKE, Harmonic, and Anevia. (An important exception here is the Widevine Common Encryption). Also, the key(s) can be exported in the CPIX format, using the Management API.

CPIX Usage by Axinom Encoding

Axinom Encoding supports CPIX for passing the key information to the encoding jobs. It uses the above-mentioned CPIX Library to read CPIX documents.

CPIX Elements

The following table specifies which properties in the Axinom.Cpix .NET library are supported in Axinom Encoding:

Property Required? Notes

ContentKey.kid

Required

ContentKey.Data.Secret.PlainValue or ContentKey.Data.Secret.EncryptedValue.CipherData

Required

Select the specific property based on whether the value is encrypted or not.

ContentKey.explicitIV

Optional

If not set, it is generated automatically

DRMSystemList.DrmSystem

Optional

For setting the Widevine and PlayReady PSSH data

DRMSystemList.DrmSystem.HlsSignalingData

Optional

If not set, it is generated automatically

CPIX Usage by AWS Media Services

AWS Media Services use a protocol called SPEKE to acquire keys for content encryption. SPEKE is a layer built on top of CPIX. It defines the details on how the CPIX requests should be constructed and how a key service is supposed to respond.

There are two versions of SPEKE:

  • SPEKE 1.0 uses CPIX 2.0

  • SPEKE 2.0 uses CPIX 2.3 (and adds a multi-key capability)

Axinom Key Service fully supports both: SPEKE 1.0 and SPEKE 2.0.

See also: SPEKE Tool.

DRM Technology ID

CPIX uses identifiers (GUIDs) assigned by DASH IF to each DRM technology. The following IDs are relevant in Axinom DRM context:

DRM Technology Identifier (SystemID)

Widevine

edef8ba9-79d6-4ace-a3c8-27dcd51d21ed

FairPlay

94ce86fb-07ff-4f43-adb8-93d2fa968ca2

PlayReady

9a04f079-9840-4286-ab92-e65be0885f95