Enable AES decryption (Web Player)

Learn how to configure your player to decrypt AES-128 encrypted stream segments.

The web player can decrypt stream segments that are encrypted with AES-128 in HLS or MPEG-DASH streaming packages.

An enterprise license is required to enable AES encryption on your JWP-hosted streams. Talk to your account representative if you are interested. Enabling DRM through Studio DRM is also supported as an approach to protect your content.

When encryption is used, the manifest playlist file needs to reference the corresponding key file so that the JWP can retrieve the keys for decryption.

JWP supports three modes for decoding encrypted segments:

  • The key can rotate per fragment or be the same.
  • The key can be hosted externally or be embedded within the index file.
  • Custom initialization vectors (IVs) can be used.

Below is an example of a playlist file with a custom IV.



JWP does not support SAMPLE-AES in non-Safari browsers.

aestoken Property


Please be aware that aestoken is not supported in Safari on desktop or mobile.

Using the aestoken property, the player can also pass a token to the key request URI, enhancing the security of AES.

    "playlist": [{
        "sources": [{
            "file": "sample_aes_stream.m3u8",
            "aestoken": "{example_aes_token}"

When the web player requests the key, the token is appended as a URL parameter called token. This appended parameter allows the key server that is providing the AES decryption key to authenticate whether or not the request is valid. JWP will check to make sure the ? is present on the key URI and add one if necessary.


Does JWP support AES-128 encryption?

If you are an enterprise customer and host your content on our platform, we can enable AES Encryption on your account. Reach out to your account manager or submit a support case.