Create a FairPlay .p12 file (JW Platform)
Learn how to generate a .p12 keystore file for use with FairPlay DRM
The .p12 keystore file is a component of FairPlay that helps ensure the security and integrity of protected content. A .p12 keystore file stores private keys and associated certificates for FairPlay. This password-protected file is used to sign and encrypt content for use with FairPlay.
You must create a .p12 file to add your FairPlay credential to a DRM-enabled JWP property.
Requirements
JWP
Item | Notes |
---|---|
DRM entitlement | Contact your JWP representative for more information. |
DRM-enabled property | See: Enable a property |
Apple
You must request a FairPlay Streaming Deployment package from Apple.
Item | Notes |
---|---|
ASK | App secret key |
Certificate | A .cer certificate file |
Password | Private key password generated when requesting package from Apple |
Private key | A .pem private key file |
Implementation
Use the following steps to produce a .p12 keystore file (called fairplay.p12), an ASK, and a keystore password. These resources are then uploaded to the Content Protection section of your DRM-enabled property in your JWP dashboard.
- Copy the following script and save it locally as create-fairplay-p12.sh.
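```bash
#!/bin/bash
# Builds fairplay.p12 from the files in Apple's FairPlay Streaming Deployment package.
# Note: values given to -a and -p on the command line end up in shell history and
# are visible in the process list while the script runs.
set -euo pipefail

function usage() {
    cat <<EOF
Usage: $0 -a <ASK> -c <certificate> -k <private-key> -p <private-key-password>
PARAMETERS:
  -a <ASK>                   The application secret key - often called the ASK.
  -c <certificate>           The certificate - should be a cer.
  -k <private-key>           The private key - should be a pem file.
  -p <private-key-password>  The password for the private key.
EXAMPLES:
  $0 -a "my-ask-value" -c fairplay.cer -k privatekey.pem -p "my-private-key-password"
EOF
    exit 1
}

ASK="" CERT="" PRIVATE_KEY="" PASS=""
while getopts "a:c:k:p:h" OPTION; do
    case "${OPTION}" in
        a) ASK=${OPTARG};;
        c) CERT=${OPTARG};;
        k) PRIVATE_KEY=${OPTARG};;
        p) PASS=${OPTARG};;
        h) usage;;
        *) usage;;
    esac
done
shift $((OPTIND-1))

if [ -z "$ASK" ] || [ -z "$CERT" ] || [ -z "$PRIVATE_KEY" ] || [ -z "$PASS" ]; then
    echo "ERROR: Missing parameter(s)"
    usage
fi

# Keep the intermediate files (including the decrypted private key) in a
# private temporary directory that is removed when the script exits, so they
# neither linger on disk nor overwrite an input file named key.pem or cert.pem.
umask 077
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# Hand the password to openssl through the environment rather than its arguments
export FAIRPLAY_PASS="$PASS"

# First we must remove the password from the private key
openssl rsa -in "$PRIVATE_KEY" -out "$WORKDIR/key.pem" -passin env:FAIRPLAY_PASS
# Then we need to convert the certificate from Apple into a pem
openssl x509 -inform der -in "$CERT" -out "$WORKDIR/cert.pem"
# Now we can combine the private key and the cert into a password-protected p12
openssl pkcs12 -export -out fairplay.p12 -inkey "$WORKDIR/key.pem" -in "$WORKDIR/cert.pem" -passout env:FAIRPLAY_PASS

# printf '%s' prints the values literally, even if they contain backslashes
printf '%s\n' "created fairplay.p12 file" ""
printf '%s\n' "please use the following values (without quotes) when uploading fairplay.p12"
printf 'Application Secret Key: "%s"\n' "$ASK"
printf 'Keystore Password: "%s"\n' "$PASS"
```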
- From the shell prompt, navigate to the folder in which create-fairplay-p12.sh has been saved.
- Run the following command, replacing each placeholder as described in the usage notes of the script in step 1. The command writes the .p12 file (fairplay.p12) to the current folder and prints the ASK and keystore password to use when uploading.
```bash
./create-fairplay-p12.sh -a <ASK> -c <certificate> -k <private-key> -p <private-key-password>
```
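A check worth running before the upload, as an added example that is not part of JWP's documentation or script: it confirms that a .p12 opens with the keystore password and that the private key inside matches the certificate. The function name `verify_fairplay_p12` and the `P12_PASS` environment variable are assumptions made for this example.

```bash
#!/bin/bash
# Added example: sanity-check a .p12 keystore before uploading it.
# P12_PASS is a hypothetical environment variable holding the keystore password;
# openssl reads it with -passin env: so it never appears in a process listing.
# Usage: export P12_PASS; verify_fairplay_p12 fairplay.p12
# Exit codes: 0 ok, 1 key/cert mismatch, 2 cannot open or incomplete, 3 bad input.

verify_fairplay_p12() (
    p12=$1
    [ -r "$p12" ] || { echo "cannot read $p12" >&2; exit 3; }
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; exit 3; }
    export P12_PASS

    # Public key of the certificate stored in the keystore.
    cert_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null \
        | openssl x509 -noout -pubkey 2>/dev/null)
    [ -n "$cert_pub" ] || { echo "wrong password, or no certificate in $p12" >&2; exit 2; }

    # Public key derived from the private key stored in the keystore.
    # -nodes leaves the key unencrypted, but only inside the pipe, never on disk.
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null)
    [ -n "$key_pub" ] || { echo "no private key in $p12" >&2; exit 2; }

    # Both values are PEM-encoded SubjectPublicKeyInfo, so a string compare is enough.
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate and key do not match" >&2; exit 1; }
    echo "OK: $p12 opens with the password and its key matches its certificate"
)
```

A non-zero exit status means the file should not be uploaded as is; the message on stderr says which check failed.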
Updated about 1 year ago