A Composition may be encrypted for secure distribution. When encryption is performed, only the Track Files are encrypted, in a file-by-file manner. The Composition Playlist (CPL) is not encrypted. Track Files may be selectively encrypted, where some Track Files are encrypted, and others are not. In practice, decisions concerning encryption are left to the content owner. A content owner, for example, may choose to encrypt picture but not sound or timed text files. When a Track File is encrypted, all essence in the file is encrypted. Essence in a Track File cannot be partially encrypted.
The encryption algorithm used in digital cinema is the well-known Advanced Encryption Standard (AES). AES is a symmetric encryption algorithm, a term explained in the Encryption section. In the digital cinema application, a 128-bit key is used. When encrypted, the essence within each Track File is encrypted with a unique key. No two Track Files utilize the same key. The Key Delivery Message (KDM), also discussed in the Encryption and Key Delivery Message sections, carries an encrypted version of each key used to encrypt the Track Files within the associated Composition. A KDM is required to unlock and play the Composition.
Only the essence, or the “Value” portion of the KLV packet, is encrypted. The metadata associated with the essence is exposed so it can be read when searching the file. This also allows an operator to play a Track File from any frame, regardless of encryption. The KLV packet with the encrypted essence is wrapped within another “special” KLV packet, along with associated cryptographic metadata. The “special” KLV packet simply carries encrypted content, without knowing the nature of its contents. The “special” KLV packet, carrying the encrypted KLV packet, is then wrapped in an MXF Track File as it would were it not encrypted. This arrangement is illustrated below.
More information about Track File encryption is available in SMPTE ST429-6 MXF Track File Essence Encryption.
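The wrapping described above can be seen in a small KLV walk. This is an added example, not code from this page or from SMPTE. The 16-byte keys and the wrapper's inner layout are simplified placeholders (SMPTE ST429-6 defines the real ones), and random bytes stand in for AES ciphertext. It shows that a frame index can be built from an encrypted Track File without holding any key.

```python
import os

# Placeholder 16-byte keys constructed for this example (not real SMPTE ULs).
PICTURE_UL = bytes(15) + b"\x01"   # stands in for a picture-essence key
WRAPPER_UL = bytes(15) + b"\xee"   # stands in for the "special" packet key

def klv(key, value):
    """Build one KLV packet; length in BER long form (0x83 + 3 bytes)."""
    return key + b"\x83" + len(value).to_bytes(3, "big") + value

def read_klv(buf, pos):
    """Parse one packet at pos; return (key, value, next_pos)."""
    if pos + 17 > len(buf):
        raise ValueError("truncated key or length")
    key, first, pos = buf[pos:pos + 16], buf[pos + 16], pos + 17
    if first < 0x80:                      # BER short form
        length = first
    else:                                 # BER long form: low 7 bits = byte count
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length overruns buffer")
    return key, buf[pos:pos + length], pos + length

def wrap_encrypted(essence_key, plaintext):
    """Assumed wrapper value: essence key | 8-byte length | stand-in ciphertext."""
    ciphertext = os.urandom(len(plaintext) + 16 - len(plaintext) % 16)  # block padded
    return klv(WRAPPER_UL, essence_key + len(plaintext).to_bytes(8, "big") + ciphertext)

def index_frames(track):
    """List (offset, essence key, essence length, encrypted?) using no AES key."""
    out, pos = [], 0
    while pos < len(track):
        key, value, nxt = read_klv(track, pos)
        if key == WRAPPER_UL and len(value) < 24:
            raise ValueError("wrapper too short for cryptographic metadata")
        if key == WRAPPER_UL:             # essence key and length are in the clear
            out.append((pos, value[:16], int.from_bytes(value[16:24], "big"), True))
        else:
            out.append((pos, key, len(value), False))
        pos = nxt
    return out

# Constructed sample: the same three frames as a plaintext and an encrypted track.
FRAMES = [b"\xaa" * 100, b"\xbb" * 200, b"\xcc" * 50]
PLAIN = b"".join(klv(PICTURE_UL, f) for f in FRAMES)
ENCRYPTED = b"".join(wrap_encrypted(PICTURE_UL, f) for f in FRAMES)
```

Calling `index_frames(PLAIN)` and `index_frames(ENCRYPTED)` yields the same essence keys and lengths at different offsets, which is what lets a player seek to any frame in either file.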