Enable AES decryption

Learn how to configure your player to decrypt AES-128 encrypted stream segments.

The web player can decrypt stream segments that are encrypted with AES-128 in HLS or MPEG-DASH streaming packages.

An enterprise license is required to enable AES encryption on your JW Player-hosted streams. Talk to your account representative if you are interested. Enabling DRM through Studio DRM with JW Platform or Studio DRM Standalone is also supported as an approach to protect your content.

When encryption is used, the manifest playlist file needs to reference the corresponding key file so that the JW Player can retrieve the keys for decryption.

JW Player supports three modes for decoding encrypted segments:

  • The key can rotate per fragment or be the same.
  • The key can be hosted externally or be embedded within the index file.
  • Custom initialization vectors (IVs) can be used.

Below is an example of a playlist file with a custom IV.



JW Player does not support SAMPLE-AES in non-Safari browsers.

aestoken Property


Please be aware that aestoken is not supported in Safari on desktop or mobile.

Using the aestoken property, the player can also pass a token to the key request URI, enhancing the security of AES.

    "playlist": [{
        "sources": [{
            "file": "sample_aes_stream.m3u8",
            "aestoken": "{example_aes_token}"

When the web player requests the key, the token is appended as a URL parameter called token. This appended parameter allows the key server that is providing the AES decryption key to authenticate whether or not the request is valid. JW Player will check to make sure the ? is present on the key URI and add one if necessary.


Does JW Player support AES-128 encryption?

Did this page help you?