There is a lot of great work that is happening to support and enable AD RMS in the developer tools space and our latest post on the AD RMS developer's corner blog will really help those who have been wondering how to get started with rights-enabling their managed code (ex. C#) applications.
Check it out and feel free to pass the word on to any of your friends and associates who might be interested in developing AD RMS applications.
Hello, could be possible to apply AD-RMS to video or file formats?
I just have a question about extend RMS feature, i have intercept the response to clent and get UL at RMS server side,i just change user's right list but always broken RMS client.
so i just guess the problem are:
#1.Contains a digital signature of the BODY element in an Active Directory Rights Management Services (AD RMS) license or certificate.
#2. That is, AD RMS signs an XrML document by hashing the contents of the BODY element.
#3. and then by using a private key to encrypt the hash.
#1.client will decrypt the signature value with RMS server’s public key.
#2. Client will create an new hash value use the same SHA1 algorithm.
#3. Compare if they are same to make sure if the content was changed.
The broken issue is caused that I just change the right list but didn't re-hash the content and update the signed data so that client decline the data, is it true.
If i can get the server's priviate key and re-hash the body data and update the signature value, then i can change the content arbitray , is it true?
Another question is :
-<SIGNATURE>-<DIGEST><ALGORITHM>SHA1</ALGORITHM>-<PARAMETER name="codingtype"><VALUE encoding="string">surface-coding</VALUE></PARAMETER><VALUE encoding="base64" size="160">......</VALUE></DIGEST><ALGORITHM>RSA PKCS#1-V1.5</ALGORITHM><VALUE encoding="base64" size="1024">......</VALUE></SIGNATURE>
Base on the describe of microsoft document, i understant that we have the <Digest>....</Digest> block to signuature the body, but i don't know what's mean of "<ALGORITHM>RSA PKCS#1-V1.5</ALGORITHM><VALUE encoding="base64" size="1024">......</VALUE></SIGNATURE>" , no doument describe this stuff ,do you know what can it be used?
Hi Marcelo! RMS support traditionally relies on the client application to support the required file format. There's nothing that prevents a downloadable video from being encrypted with RMS as long as the client application is enhanced to support RMS. If that option is not available, generic protection is available (we have Rights Protected folders available today, and a beta of our new Generic Protection viewer client is available as well), they provide the same level of encryption and access controls, though once the video is opened in its non-RMS-enabled application the user will not see usage restrictions.
For video streaming (as opposed to downloading) Microsoft has a different solution called PlayReady, which may suit your needs.
@Tony: You are correct, we sign the whole PL and body so the document is tamper proof (though we don't claim to offer non-repudiation based on that, since the server does have the ability to modify the signed content).
There's a flag that can be set on a PL (“allow_server_editing”) that enables an authorized agent to modify the PLs. This flag and the PL structure are explained at
I would like to understand what is it that you are trying to do with this solution since there may be better approaches we can offer to achieve that. Please feel free to ping me directly to discuss it further.