Skip to content

cipherstash/cpix-cipherstash-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
rust-cenc
rust-cenc
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package.json
package.json
 
 
pnpm-lock.yaml
pnpm-lock.yaml
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

CPIX + CipherStash Example

A demonstration of encrypting and decrypting CPIX (Content Protection Information Exchange) data using CipherStash's ZeroKMS.

Overview

This project showcases a complete encryption workflow for protecting DRM keys in CPIX documents. It demonstrates:

  • Encryption (TypeScript): Encrypts CPIX sealed keys using CipherStash Protect.js
  • Decryption (Rust): Decrypts encrypted keys using cipherstash-client Rust crate.

The example handles CPIX rules for video streaming encryption schemes (CENC/CBCS), making it suitable for protecting content keys in video delivery workflows.

Future considerations (work in progress)

We are actively working on how to best integrate CipherStash with CPIX. Some considerations:

  • Using Lock Contexts to ensure data can't be decrypted after a certain date
  • Using ZeroKMS directly as the DRM key provider which will simplify the entire process
  • More things to consider around the CPIX format and how to best integrate with it

Prerequisites

  • Node.js (with pnpm)
  • Rust toolchain
  • CipherStash account with Client credentials

Environment Setup

Create a .env file in the project root:

CS_WORKSPACE_CRN=
CS_CLIENT_KEY=
CS_CLIENT_ID=
CS_CLIENT_ACCESS_KEY=

Installation

# Install Node.js dependencies
pnpm install

Usage

1. Encrypt CPIX Data

Encrypts the sample CPIX document and outputs encrypted data to output.json:

pnpm run protectjs-encrypt

Input: src/cpix.json - Sample CPIX document with encryption rules
Output: output.json - Encrypted CPIX data (ready for database storage)

2. Decrypt CPIX Data

Decrypts the encrypted CPIX data and displays the original keys:

pnpm run protectrs-decrypt

Input: output.json - Encrypted CPIX data
Output: Console output showing decrypted keys

Project Structure

├── src/
│   ├── index.ts       # TypeScript encryption logic
│   └── cpix.json      # Sample CPIX input data
├── rust-cenc/
│   └── src/
│       ├── main.rs    # Rust decryption entry point
│       └── lib.rs     # CPIX deserialization and decryption
├── output.json        # Generated encrypted output
└── package.json       # Project configuration

How It Works

  1. Encryption Flow:

    • Reads CPIX rules from src/cpix.json
    • Extracts sealed_key objects containing encryption keys
    • Encrypts keys using CipherStash Protect bulk encryption
    • Outputs encrypted data structure to output.json

  2. Decryption Flow:

    • Loads encrypted CPIX data from output.json
    • Deserializes into Rust structs
    • Decrypts all sealed keys using ZeroKMS using bulk decryption
    • Displays decrypted key information

License

For demonstration purposes only. Contact CipherStash for production use licensing.

Support

If you want to discuss this further, please book a meeting with us here.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages