Enable AES decryption (Web Player)

Learn how to configure your player to decrypt AES-128 encrypted stream segments.


The web player can decrypt stream segments that are encrypted with AES-128 in HLS or MPEG-DASH streaming packages.

When encryption is used, the manifest playlist file needs to reference the corresponding key file so that the player can retrieve the keys for decryption.

JWP supports three modes for decoding encrypted segments:

  • The key can rotate per fragment or be the same.
  • The key can be hosted externally or be embedded within the index file.
  • Custom initialization vectors (IVs) can be used.

Below is an example of a playlist file with a custom IV.

#EXTM3U
#EXT-X-TARGETDURATION:10
#EXT-X-VERSION:3
#EXT-X-MEDIA-SEQUENCE:0
#EXT-X-PLAYLIST-TYPE:VOD
#EXTINF:10,	
#EXT-X-KEY:METHOD=AES-128,URI="key",IV=0x1c341b1db8ff5399501511a99c8c7d14
fileSequence0.ts
#EXTINF:10,	
fileSequence1.ts
#EXT-X-ENDLIST

🚧

JWP does not support SAMPLE-AES in non-Safari browsers.



aestoken Property

🚧

Please be aware that aestoken is not supported in Safari on desktop or mobile.


Using the aestoken property, the player can also pass a token to the key request URI, enhancing the security of AES.

jwplayer('myElement').setup({
    "playlist": [{
        "sources": [{
            "file": "sample_aes_stream.m3u8",
            "aestoken": "{example_aes_token}"
        }]
    }]
});

When the web player requests the key, the token is appended as a URL parameter called token. This appended parameter allows the key server that is providing the AES decryption key to authenticate whether or not the request is valid. JWP will check to make sure the ? is present on the key URI and add one if necessary.