Topic: KDM...

Hi, is there any open or free app to generate KDM?

Thanks

Brian

Re: KDM...

Not really, it's generally not something useful for the typical user of OpenDCP.

Re: KDM...

Most people using OpenDCP are not creating high value content in which there is a significant risk of financial loss or incentive that outweighs the complexity of KDMs. Most film festivals do not accept encrypted material.

Re: KDM...

tmeiczin wrote:

Most people using OpenDCP are not creating high value content in which there is a significant risk of financial loss or incentive that outweighs the complexity of KDMs. Most film festivals do not accept encrypted material.

As far as I understand, creating KDMs also means one has to know details of every cinema and it's projectors and players there is in the country you're targetting. AND keeping track of these changes. This is a considerable amount of pain.

So if the business may drift to SaaS online KDM registries,
wouldn't creating encrypted masters be a good thing for opendcp?
Or am I simplifying too (horribly) much?

But another question:
I managed to make an encryption workflow (commandline) with certs creation and mxf/xml,
but I didn't understand what files exactly a KDM facility would need from me.

greets
manu

Re: KDM...

harry_v wrote:

Of course you need to know what server device you'r making for kdm, but not projector. As I know there are two types of servers: Dolby & DoReMi. To create kdm you need server's certificate (each server has own cert), which you can download via ftp or web (google it). You should better read about cinemaslides, there is a lot useful info

I don't think so. (?)
I work at a cinema, and we get each KDM "personalized" for the room/projector.
Also, here in Switzerland each cinema has a secure checklist to hand to KDM people upon request, which includes the identification of the projector.

Are you sure these lists are public?
I think Dolby, Doremi and the others may have public server certs, but not these specifics,
because in the beginning of a hardware cycle, cinemas get lot of requests for their tech coordinates...

Re: KDM...

harry_v wrote:

Well, I don't know anything about "KDMs personalized for the room/projector" as you say, only about "personalized for server". Maybe you are right, but I made encrypted DCP and to create KDM I needed only server's cert. And the server successfully ate this KDM, the DCP played normally. What I did wrong?

What server was this? A Doremi?
Could be my information was just an office-ish communication of contracts. I wouldn't look into the KDMs myself.
We have a Dolby, and I have a question open at our service company. I think that will clear it up. And you say you found indices of servers on the net?
Thanks

Re: KDM...

Hi again

I've come accross a lot of certs and even found our own little cinema on a UK dolby server. That was like "oh what are YOU doing here?" ;-)

I'm checking with local KDM managers for a continued workflow for delivery.
So I'm not targetting KDM-to-Cinema.
But I'd like to ask a few more things please.

I learned that opendcp_xml is able to produce a full encrypted package using defined certificates,
and I try to find out how far this process goes into KDMs, so as where to take over the used specs and go on to cinemaslides for producing KDMs (lets say "DKDMs") for the KDM facility.


The MXF containers where encrypted with

-k | --key <key>        - set encryption key (this enables encryption)
-u | --key_id <key id>  - set encryption key id (leaving blank generates a random uuid)

compendium files where finalized using

-s | --sign           - Writes XML digital signature
-1 | --root           - Root pem certificate used to sign XML files
-2 | --ca             - CA (intermediate) pem certificate used to sign XML files
-3 | --signer         - Signer (leaf) pem certificate used to sign XML files
-p | --privatekey     - Private (signer) pem key used to sign XML files

What I don't understand:
Does using opendcp_* like this actually produce a kind of "master intermediate", against which I must produce KDMs using the same certificates, the encryption key and id PLUS the fresh cert of the target facility?

Is it so that opendcp goes this far (for a reason of course), and I must go on with a tool like cinemaslides (for -kdm) now?

(I hope it's ok mentioning it here, as there also seem "links" from Mister Woehl to opendcp)

Also, I found a note of Dolby from 2008 on their server, that Dolby seem to have made a step to using two intermediate certs instead of one, and DoReMi also seems to provide these on its servers, is this just neglectable for the time being?

Thanks a lot!
Best
M

Re: KDM...

harry_v wrote:

Well, I don't know anything about "KDMs personalized for the room/projector" as you say, only about "personalized for server". Maybe you are right, but I made encrypted DCP and to create KDM I needed only server's cert. And the server successfully ate this KDM, the DCP played normally. What I did wrong?

Maybe a hint:
Dolby lists per-cinema, containing a cert for each screen. Where as DoReMi and Qube sort by serial, which is indistinguishable.