API Reference

Fairplay DRM

Reference for protecting videos with Fairplay DRM

Gumlet allows you to protect your video content with encryption using Apple Fairplay DRM (Digital rights management). We have developed and deployed Fairplay Streaming Server which is also called Key Server Module (KSM) so you don't have to worry about complex Fairplay protocol implementation.

To enable Fairplay DRM for your organization you need to perform the following steps.

Request Fairplay Deployment Package

  1. Please go to the Apple FairPlay page.
  2. Click on the link to Request Deployment Package. You need to have a developer account before this.
    1. Sign up for a developer account if you don't have one - https://developer.apple.com/support/enrollment/
  3. If you are an organization you should use the organization account for this purpose. Companies outside the USA must obtain a DUNS number to create an organization account.
  4. After proceeding further, you should see a form to request the deployment package.

If you apply for the Deployment Package according to the input form, you will be issued a package containing the FPS Credential Creation Guide document after Apple’s confirmation.

During the application process, you will be asked if you have completed the implementation and testing of the Key Server Module (KSM). This can be answered by saying, ‘I am using a 3rd party DRM company and the company has already built and tested KSM’.

🚧

Kindly adhere to the outlined steps with precision, as Apple prohibits the deletion or re-creation of FairPlay Credentials for the associated account. Should you encounter any challenges or require further assistance, please do not hesitate to reach out to our support team at [email protected] via email.


Create Private Key and Certificate Signing Request (CSR)

Create a private key (privatekey.pem) file and a certificate signing request (certreq.csr) file by referring to the guide in the package. The following describes the OpenSSL method in the Generating a Certificate Signing Request section of the guide.

OpenSSL must be installed on the PC or server environment where this process is performed.


  1. Create a private key (privatekey.pem) file
    • Run the following command to generate the private key: 
      openssl genrsa -aes256 -traditional -out privatekey.pem 1024
    • Enter any password for the private key and make a note of it for later use.
    • The password should be shorter than 32 characters.
  2. Create a certificate signing request file
    • Run the following command: The contents of the -subj parameter can be modified to suit your organization.
    openssl req -new -sha1 -key privatekey.pem -out certreq.csr -subj 
"/CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US"
    • Enter the private key password from the above process.

Create FPS Certificate at Apple Developer Portal

  1. Log in to the Apple Developer Portal and navigate to the Certificate, IDs & Profiles menu.

  2. Press the + button on the top Create a New Certificate to create a new certificate.

  3. Select the FairPlay Streaming Certificate from the list.

    FPS Streaming Certificate

  4. Upload the certreq.csr file created in the previous step and click the Continue button.

  5. Copy the Application Secret Key (ASK), store it securely, paste it in the space below and click the Continue button.

  6. A pop-up will appear to confirm that you have recorded the ASK string separately. Click the Generate button.

  7. When the above process is completed, the certificate created with theFairPlay Streaming type will be displayed in the Certificates list.

  8. Download the FPS certificate file (fairplay.cer).

Add Fairplay Credentials to Gumlet

To add your Fairplay Credentials to Gumlet, go to the DRM Credentials page on the Gumlet dashboard. Upload Fairplay certificate (fairplay.cer), Private Key (.pem), and add the Application Service Key & the Secret Key Passphrase in the specified text field.