Secure Packager and Encoder Key Exchange (SPEKE) API was introduced by Amazon Web Services (AWS) in 2018 to integrate DRM Key Services with encryptors, including encoders, transcoders, and origin servers. In September 2021 AWS introduced SPEKE 2.0 which supports multiple encryption keys and offer some other advantages.
Axinom, as an early adoptor of SPEKE, support SPEKE 2.0 in its Axinom DRM Key Service from day one.
SPEKE 2.0 brings the following evolutions compared to SPEKE 1.0:
Support for multiple content keys
All tags from the SPEKE XML namespace are deprecated in favor of equivalent tags in the CPIX XML namespace
SPEKE:ProtectionHeaderis deprecated and replaced by
SPEKE:KeyFormatVersionsare deprecated and replaced by
CPIX@idis replaced by
New mandatory CPIX attributes:
New optional CPIX element:
Cross-versioning mechanism between SPEKE and CPIX
HTTP headers evolution: new
Speke-User-Agentheader renamed to
Heartbeat API deprecation
With a long history as a proponent of the CPIX standard, Axinom maintains and publishes an open-source implementation of the CPIX document format since version 1.0 was published.
AWS when it requests encryption keys from a Key Service, generates the related KeyID automatically. It is important for the downstream DRM processes to know the KeyID, but AWS does not report the assigned KeyID. Axinom offers two workarounds for this issue.
You can create a proxy which sits between AWS and the Key Service and can report the KeyID. Read Extracting keyId from SPEKE requests for guidelines. This approach works with both SPEKE 1.0 and SPEKE 2.0.
You can override the KeyID assigned by AWS by supplying a flag:
/Speke?overrideKeyIds=true. The new KeyID is generated using a deterministic algorithm described in SPEKE Override Functionality
|KeyID overriding functionality is currently available with the SPEKE 1.0 endpoint. For SPEKE 2.0 Axinom is working on the implemenation, it will be published soon.|