Skip to main content
Skip table of contents

DAS Client for Android Integration Guide

Download and unzip the following release files to see the SDK and source code details.

  • dasc-sdk-android-5.0.x-release.aar

    This contains the release variant of the SDK.

  • dasc-sdk-android-5.0.x-debug.aar

    This contains the debug variant of the SDK.
  • dasc-sdk-android-5.0.x-sample-app-src.zip
    This contains the source code for a reference application demonstrating SDK integration.
  • dasc-sdk-android-5.0.x-javadoc.jar
    This contains the javadocs for the SDK.

Adding the SDK to your project

You can add the SDK to an Android Gradle project by adding your desired variant to your dependencies block in your build.gradle file. There are several ways to do this; NAGRA recommends adding it to your libs/ folder and using the excerpt below.

GROOVY 
…
dependencies {
	…
    implementation fileTree(include: ['*.aar'], dir: 'libs')
	…
	// These are transitive dependencies needed by the SDK, but not included in our .AAR
    implementation "androidx.annotation:annotation:1.2.0"
    implementation "androidx.appcompat:appcompat:1.3.1"
	…
}
…

Using the SDK within your application

The source code inside dasc-sdk-android-5.0.x.x-sample-app-src.zip contains an Android application that can be used as a reference for integrating SDK. Further information can be found in dasc-sdk-android-5.0.x.x-javadoc.jar.

A customer-specific Operator Vault file (not provided with the SDK or the sample application source) is required to match your SSP configuration. In the sample application source, there is also a configuration file that requires adjustments. Please refer to the README.md file included in the dasc-sdk-android-5.0.x.x-sample-app-src.zip package.

The general operations you will need to use are these:-

Access DAS SDK instance

The DAS SDK instance is a singleton accessed through DasApi.instance(). The default DRM scheme when initialising is Widevine, but others can be used by passing the UUID of the scheme as a parameter, for example DasApi.instance(Das.CONNECT_UUID).

Widevine requires no other initialisation, but others may.

Authenticate device and exchange secure keys

A POST request to the Authenticate endpoint of your DAS server ({server_url}/das/v1/{drm_scheme}/authenticate) will need to be made to initially register the app/device on the server. In the example application, the Retrofit library defines the DAS API endpoints available and makes HTTP requests. See the com.nagra.das.testapp.service package, in particular DasService.java, for details on how that is used.

  • See the method doAuthenticationRequest() in MainActivity.java for how this can be done.

The response from the Authentication request is not needed for any further actions but gives you the server ID and user-friendly model name of the device.

Once that has been done Secure Key Exchange requests can be made ({server_url}/das/v1/{drm_scheme}/secureKeyExchange).

  • See the method doSecureKeyExchange() in MainActivity.java for how this can be done.

The important thing to note with Secure Key Exchange is that Das.instance().importKeys() must be called on successful response, passing the encryptedSessionRight element of the response as a parameter. Only then can the other functions be used.

Both of these requests use the DRM challenge string returned from com.nagra.das.sdk.AuthenticationData.dasMessage(). See the DAS API documentation for more information on the format of these requests.

Note

The authenticate does not need to be done before each key exchange, but key exchange will fail if authentication has not been done at least once.

Encrypt/decrypt data

For encryption or decryption of a payload use Das.instance().encrypt() or Das.instance().decrypt(), passing the ClientSession obtained from Das.instance().getAuthenticationData().authSession along with the operator key ID, the encryption initialisation vector and payload to be encrypted.

  • See encryptClick() and decryptClick() in MainActivity.java.

Sign/verify data

To sign a payload use Das.instance().sign(), again passing Das.instance().getAuthenticationData().authSession, operators key ID and payload.
To verify a previously signed payload use Das.instance().verify() passing Das.instance().getAuthenticationData().authSession, operators key ID, payload, and signature obtained from Das.instance().sign().

  • See signClick() and verifyClick() in MainActivity.java.

Multi-DRM

When using multiple DRM systems in your application, you will need to ensure that com.nagra.das.sdk.Das.releaseInstance() is called and the new instance is initialised before attempting to exchange keys again.

CONNECT DRM

An opvault file must be loaded when the DAS instance is initialised to use CONNECT DRM, as shown below.

JAVA 
DasApi dasApi = Das.instance(Das.CONNECT_UUID);
//set opvault for connect, where opvault is a byte[]
dasApi.setPropertyByteArray("nagraOpVault", opvault);
AuthenticationData authenticationData = dasApi.getAuthenticationData();
authSession = authenticationData.authSession;
return authenticationData;
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close