快速入门:使用门户加密内容Quickstart: Use portal to encrypt content

备注

Google Widevine 内容保护服务目前在 Azure 中国区域不可用。Google Widevine content protection services are currently unavailable in the Azure China regions.

使用 Azure 媒体服务在媒体从计算机离开一直到存储、处理和传送的整个过程中帮助保护其安全。Use Azure Media Services to help secure your media from the time it leaves your computer all the way through storage, processing, and delivery. 借助媒体服务,可以传送使用高级加密标准 (AES-128) 或以下两个主要数字版权管理 (DRM) 系统中任意一个动态加密的直播和点播内容:Microsoft PlayReady 和 Apple FairPlay。With Media Services, you can deliver your live and on-demand content encrypted dynamically with Advanced Encryption Standard (AES-128) or any of the two major digital rights management (DRM) systems: Microsoft PlayReady, and Apple FairPlay. 媒体服务还提供了用于向已授权客户端传送 AES 密钥和 DRM(PlayReady 和 FairPlay)许可证的服务。Media Services also provides a service for delivering AES keys and DRM (PlayReady, and FairPlay) licenses to authorized clients.

若要在流上指定加密选项(如果有),请使用流式处理策略并将其与流式处理定位符相关联。To specify encryption options (if any) on your stream, you use a streaming policy and associate it with your streaming locator. 可创建内容密钥策略来配置将内容密钥(提供对资产的安全访问)传送给最终客户端的方式 。You create the content key policy to configure how the content key (that provides secure access to your assets) is delivered to end clients. 需要在内容密钥策略上设置要求(限制),必须满足这些要求才能将具有指定配置的密钥传送给客户端。You need to set the requirements (restrictions) on the content key policy that must be met in order for keys with the specified configuration to be delivered to clients.

备注

清除流式处理或下载时无需使用内容密钥策略。The content key policy is not needed for clear streaming or downloading.

播放器请求流时,媒体服务将通过 AES 明文密钥或 DRM 加密使用指定的密钥来动态加密内容。When a stream is requested by a player, Media Services uses the specified key to dynamically encrypt your content by using AES clear key or DRM encryption. 为了解密流,播放器将从媒体服务密钥传送服务或者指定的密钥传送服务请求密钥。To decrypt the stream, the player requests the key from Media Services key delivery service or the key delivery service you specified. 为了确定是否已授权用户获取密钥,服务将评估你为密钥指定的内容密钥策略。To decide if the user is authorized to get the key, the service evaluates the content key policy that you specified for the key.

本快速入门介绍如何创建内容密钥策略,你可在此策略中指定在对资产进行流式处理时应对资产采用哪些加密。This quickstart shows you how to create a content key policy where you specify what encryption should be applied to your asset when it is streamed. 此快速入门还介绍了如何在资产上设置配置加密。The quickstart also shows how to set the configured encryption on your asset.

建议的读前准备Suggested pre-reading

先决条件Prerequisites

按照管理 Azure 门户中的资产中所述,上传和处理内容Upload and process your content as described in manage assets in the Azure portal

创建内容密钥策略Create a content key policy

创建内容密钥策略来配置将内容密钥(提供对资产的安全访问)传送给最终客户端的方式 。Create the content key policy to configure how the content key (that provides secure access to your assets) is delivered to end clients.

  1. 登录到 Azure 门户Sign in at the Azure portal.
  2. 找到并单击你的媒体服务帐户。Locate and click on your Media Services account.
  3. 选择“内容密钥策略(新)”。Select Content key policies (new).
  4. 在窗口顶部按“+添加内容密钥策略”。Press + Add content key policy in the top of the window.

此时将显示“创建内容密钥策略”窗口。The Create a content key policy window appears. 在此窗口中,选择加密选项。In this window, you choose encryption options. 通过选择数字版权管理 (DRM) 和/或高级加密标准 (AES),选择保护你的媒体。You can choose to protect your media by choosing digital rights management (DRM), the advanced encryption standard (AES), or both.

创建内容密钥策略

无论你选择的是 DRM 选项之一还是 AES-128 明文密钥选项,都将建议你指定配置限制的方式。Whether you choose one of the DRM options or an AES-128 clear key option, you will be recommended to specify how you want to configure restrictions. 可选择具有开放或令牌限制。You can choose to have an open or token restriction. 有关详细说明,请参阅控制内容访问For detailed explanation, see Controlling content access.

添加 DRM 内容密钥Add a DRM content key

可选择使用 Microsoft PlayReady 和/或 Apple FairPlay 来保护内容。You can choose to protect your content with Microsoft PlayReady and/or Apple FairPlay. 每种许可证交付类型都会基于加密格式的凭据来验证内容密钥。Each license delivery type will verify the content keys based on your credentials in an encrypted format.

许可证模板License templates

要详细了解许可证模板,请参阅:For details about license templates, see:

添加 AES 明文密钥Add AES clear key

还可将 AES-128 明文密钥加密添加到内容中。You can also add an AES-128 clear key encryption to your content. 内容密钥以未加密的格式传输到客户端。The content key is transmitted to the client in an unencrypted format.

AES 明文密钥

为资产创建流式处理定位符Create a streaming locator for your asset

  1. 找到并单击你的媒体服务帐户。Locate and click on your Media Services account.

  2. 选择“资产(新)”。Select Assets (new).

  3. 从资产列表中选择要加密的资产。From the list of assets, select the one you want to encrypt.

  4. 在所选资产的“流式处理定位符”部分,按“+添加流式处理定位符” 。In the Streaming locator section for the selected asset, press + Add a streaming locator.

  5. 选择适用于配置的内容密钥策略的流式处理策略 。Select a streaming policy that is appropriate for the content key policy that you configured.

    流式处理策略主题详细介绍了哪些流式处理策略与哪些内容密钥策略匹配。The Streaming policies topic gives details on what streaming policy matches what content key policy.

  6. 选择适当的流式处理策略后,可从下拉列表中选择内容密钥策略。Once you select the appropriate streaming policy, you can select the content key policy from the drop-down list.

  7. 按“添加”,将流式处理定位符添加到资产。Press Add to add the streaming locator to your asset.

    该操作将发布资产并生成流式处理 URL。This publishes the asset and generates the streaming URLs.

流式处理定位符

清理资源Cleanup resources

如果想学习其他快速入门,请保留创建的资源。If you intend to try the other quickstarts, you should hold on to the resources created. 否则,请转到 Azure 门户,浏览到资源组,选择运行本快速入门所用的资源组,并删除所有资源。Otherwise, go to the Azure portal, browse to your resource groups, select the resource group under which you ran this quickstart, and delete all the resources.

后续步骤Next steps

管理资产Manage assets