Radiant Media Player

AES-128 & SAMPLE-AES HLS decryption support

Documentation sections

HLS AES-128 & SAMPLE-AES Content Protection

Radiant Media Player supports AES-128 & SAMPLE-AES content decryption with HLS (using 16-octet keys) as described in Apple HLS specification. This is supported for on-demand, live or DVR streaming.

Supported features

  • Key can be hosted externally or embedded within the manifest
  • Custom initialisation vectors (IV)
  • Key rotation

A test HLS AES-128 encrypted stream is available here:


The player will automatically detect and start decoding an HLS AES-128/SAMPLE-AES encrypted stream based on the information provided in the manifest.

Player code example:

<!-- Include Radiant Media Player - here we use the optimised build for hls.js -->
<script src="https://cdn.radiantmediatechs.com/rmp/5.5.5/js/rmp-hlsjs.min.js"></script>
<!-- Player container element -->
<div id="rmpPlayer"></div>
<!-- Set up player configuration options -->
// Passing our HLS AES-128 stream
var src = {
  hls: 'https://your-aes-hls-url.m3u8'
// Player settings
var settings = {
  licenseKey: 'your-license-key',
  src: src,
  width: 640,
  height: 360,
  poster: 'https://your-poster-url.jpg'
var elementID = 'rmpPlayer';
var rmp = new RadiantMP(elementID);

Advanced use cases

More information on HLS content protection can be found here.

An additional layer of security can be provided through the use of secure token. This implementation requires a server-side component in order to be efficient. We have published a guide on how to achieve this with Wowza Streaming Engine here.

If you want to secure the key file delivery over HTTPS please refer to this Apple guide.

For added security please consider the following: "Key files require an initialization vector (IV) to decode encrypted media. The IVs can be changed periodically, just as the keys can. Current recommendations for encrypting media while minimizing overhead is to change the key every 3-4 hours and change the IV after every 50 Mb of data."

Any of the above additional security layers needs to be implemented on your side as Radiant Media Player only supports the decrypting of AES-128/SAMPLE-AES encrypted content.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 3.0 License.