Radiant Media Player

AES-128 HLS decryption support

Apple HLS AES-128 Content Protection

HTML5 Flash

Radiant Media Player supports AES-128 content decryption with HLS (using 16-octet keys) as described in Apple HLS specification. This is supported for on-demand, live or DVR streaming in both HTML5 and Flash video.

AES-128 is the only encryption method supported.

Supported environments

  • HTML5 video: MSE-HLS and native HLS
  • Flash video with HLS

See the streaming documentation for more information.

Supported features

  • Key can be hosted externally or embedded within the manifest
  • Custom initialisation vectors (IV)
  • Key rotation

A test HLS AES-128 encrypted stream is available here:


The player will automatically detect and start decoding an HLS AES-128 encrypted stream based on the information provided in the manifest.

Player code example:

<!-- Include Radiant Media Player JavaScript file in your <body> or <head> -->
<script src="https://cdn.radiantmediatechs.com/rmp/v3/latest/js/rmp.min.js"></script>
<!-- Set up your wrapper div with its unique id -->
<div id="rmpPlayer"></div>
<!-- Set up player configuration options -->
// Our HLS AES-128 stream
var bitrates = {
  hls: 'https://rmpsite-1479.kxcdn.com/media/rmp-segment/bbb-abr-aes/playlist.m3u8'
// Then we set our player settings
var settings = {
  licenseKey: 'your-license-key',
  bitrates: bitrates,  
  delayToFade: 3000,
  width: 640,
  height: 360,
  skin: 's3',
  poster: 'https://www.radiantmediaplayer.com/images/poster-rmp-showcase.jpg'
// Reference to the wrapper div (unique id)
var elementID = 'rmpPlayer';
// Create an object based on RadiantMP constructor
var rmp = new RadiantMP(elementID);
// Initialization ... test your page and done!

Advanced use cases

More information on HLS content protection can be found here.

An additional layer of security can be provided through the use of secure token. This implementation requires a server-side component in order to be efficient. We have published a guide on how to achieve this with Wowza Streaming Engine here.

If you want to secure the key file delivery over HTTPS please refer to this Apple guide.

If you want extra security please consider the following: "Key files require an initialization vector (IV) to decode encrypted media. The IVs can be changed periodically, just as the keys can. Current recommendations for encrypting media while minimizing overhead is to change the key every 3-4 hours and change the IV after every 50 Mb of data."

Any of the above additional security layers need to be implemented on your side as Radiant Media Player only supports the decrypting of AES-128 encrypted content.