Encrypting Media

Navigation:  Pandoras Box > User Interface - Master > Tabs Overview > Media Encryption >

Encrypting Media

prev main next

Navigation:  Pandoras Box > User Interface - Master > Tabs Overview > Media Encryption >

Encrypting Media

prev main next


To open the Media Encryption Tab, please click on 'Tabs' in the Toolbar - Media Encryption.


In order to encrypt media files please follow these steps:


Click "Create Key" in the Media Encryption tab to generate a Creator Key .The appendix "[Creator Key]" is automatically added to the given name.


Now choose the media files (MPEG or WAV) which are part of your project and add them to the key via the "Add Files" command. If you have chosen a file by mistake, select it and click "Remove Files".


Select the command "Encrypt" to start the actual encryption. The "status" and "%" row inform you whether the media is unencrypted, in progress or already encrypted with the chosen key. As a rule of thumb, two minutes fullHD footage take 10sec to be encrypted.
Already encrypted files will not be encrypted again, there is no need to remove them from the list.

The encrypted files (mpx or wax) are saved in the same sub folder on your hard disk as the original files. Please note that another encryption with a second key will overwrite the first file when the original file was not moved to another folder.
The encrypted files are automatically added to the project and will be shown in the list as soon as you choose the used key via the drop down menu. The list helps you to keep an overview and to allocate the key if you have forgotten it.

You may choose whether you want to encrypt the files before even assigning the policy. This is because the key encrypts the media. The policy validates the key and has nothing to do with the media itself.


In order to setup the time limit, please choose "Create".
In the pop up dialog choose a Creator Key from the drop down list. This will join the policy and the key. Metaphorically speaking it imprints the necessary meta information on the key. Only then, the key is of value for the end customer.
A policy will always remember the key it was allocated to at last.

Time Limit:

Choose if you want to have an unlimited policy or a time-based encryption.

How does a time-based policy work on a Media Dongles?
After having chosen a time restriction including the day and time, the time difference to your local time will be added to the time reference on the Media Dongle, and later on from the dongle to the customer´s time. This way the timeout is always calculated correctly even if the system´s time has changed.

Key Delivery:

encryption_export-keyIt doesn't matter which string you export first. For security reasons there is no text file generated automatically on your hard drive. Select the "Export Key" button to generate the key string. Click the "Copy" button and insert the string to a file of your choice or into an email directly. The key is always transferred digitally.


The policy string can be transferred as a "digital policy" or as a more secure "dongle policy":

To export the policy string and send it for example via email, select the "Export" button and copy the string.

To write the policy string onto a Media Dongle, scroll further down to the list with "Active Policies" and select the site the Media Dongle is attached to. Then click the button "Assign" at the very bottom of the tab where it says "Change Dongle Policy On Selected Sites". The list will update automatically and the column "Dongle" will show your policy. In case there was already an older policy string, it will be overwritten by the new data. The button "Clear" deletes the current policy from the dongle.
Now, you need to ship the Media Dongle to the customer and send the key via mail.

At any time you may rename the key and policy, this does not alter the functionality! The button "Edit" allows you to edit a policy before exporting it, you may either choose another Creator Key or  time-limit.

If you have created a key it is saved within the project and the appendix "[Creator Key]" is automatically added to its name. After exporting a Creator Key it will loose this special status and will become a regular key.
What is special about a creator key? Only the "creator" of a key can create a corresponding policy, exchange it with another policy or prolong the time limit if necessary.
As the creator of a key, you can always play the encrypted files – without a policy being required, even connected Clients will play them back. A creator key can only exist within the original project, the key is saved as a part of it. The project has to be kept/stored in case more files should be encrypted with that particular key or in case a Client demands content updates.
When exporting the key and importing it into a new project it will not be a creator key anymore. A regular key cannot be joined with another policy! The key will only be valid if the assigned policy is allocated and still active. This counts even when there are no specific limitations saved.

In general you can use any key in the system for encrypting media content, not just a creator key. Of course you are restricted to the originally assigned policy when choosing an imported key. Without the policy, no content can be played out.
Additional media files can be encrypted even later on using the same key as for the content before. As long as the customer is in possession of the key and the policy, he will be able to play out content that was encrypted at a later stage. In this case no update would be necessary.

Same distinction applies to policies. After creating a policy the appendix "[Creator Policy]" is added to its name. Only creator policies can be edited and load (creator) keys, in other words imprint the time stamp on them. After exporting a Creator Policy or writing it to a Media Dongle it will loose this special status and will become a regular policy. A regular policy cannot be edited at all, except of its name.

Please note: We strongly recommend to:
- use specified creator projects. If you want to use encrypted content yourself it is more secure to work with projects not containing the original creator key but the exported key.
- backup the creator projects to a separate place.
- keep encrypted content and the key and policy strings separate from each other.

It may be useful to create a data sheet to keep an overview which file was encrypted with which key+policy and to whom it was sent. In addition you may want to create a folder on your (external) hard drive where you copy the encrypted version to.