AES Content Protection

The JW Player has the ability to decrypt stream segments that are encrypted with AES-128. When encryption is used, the m3u8 playlist file needs to reference the corresponding key file so that the JW Player can retrieve the keys for decryption. The using the aestoken configuration, the player can also pass a token to the key request URI, enhancing the security of AES.

JW Player supports three modes for decoding encrypted segments:

  1. The key can rotate per fragment or be the same.
  2. The key can be hosted externally or be embedded within the index file.
  3. Custom initialization vectors (IVs) can be used.

Note: JW Player does not support SAMPLE-AES.


Here is an example of a playlist file with a custom IV.


When this is used in a basic embed, you get the following:


Note: The video will take a little longer to play because the player needs to decrypt each individual ts fragment. Note that decryption time may vary depending on the resolution of video files.

Secure Token

On embed of the JW Player, a token can be set in the configuration value aestoken. When the JW Player requests the key, the token is appended as a url parameter called token. This allows the key server that is providing the AES decryption key to authenticate whether or not the request is valid. JW Player will check to make sure the ? is present on the key uri and add one if necessary.

An example of how this setup would look:

var playerInstance = jwplayer("myElement");
	file: 'sample_aes_stream.m3u8',
	aestoken: 'EXAMPLE_AES_TOKEN'

Note:  aestoken is only supported on desktop browsers in Flash rendering mode. It is not supported on iOS, Safari and Android in HTML5 mode.

Sample Video with Microsoft Clear Key

The following video player uses Microsoft Clear Key for HLS.


Did you find this article helpful?

Please log in to rate this article.