Creating Rights-Managed HTML Files

Article
08/15/2017

This topic describes how to create a rights-managed HTML file. A rights-managed HTML file is a compound file that contains MIME Encapsulation of Aggregate HTML Documents (MHTML) content that has been encrypted with Windows Rights Management (RM) technology and optionally compressed. Access to the unencrypted content is managed by the Rights Management Add-on for Internet Explorer or other client software, so that only the intended recipient can view, print, or otherwise interact with the MHTML content in its original format.

To create a rights-managed HTML file from MHTML content, complete the following steps.

Compress the MHTML Content
Encrypt the MHTML Content
Store the Encrypted Content
Write the Data Spaces Storage
Compress the Resulting Compound File

Compress the MHTML Content

Compressing the MHTML content is an optional step that can reduce the overall size of the resulting rights-managed HTML file. If content is compressed, compression should be done prior to encryption. After encryption, the data cannot be compressed as efficiently as it can before encryption.

Before compressing the content, add a storage under transforminfo and an entry in the data space map stream that refers to the new storage.

Note Content compressed with this compression transform must use a compression level of 9, and a window size of 32768 bytes.

Then, compress the content. The rights-managed HTML format supports the compression method used in zlib. The zlib public library is available from http://www.gzip.org.

For compressed streams in the rights-managed HTML format, the uncompressed content is divided into segments of 4096 bytes. Each block of the compressed stream contains the following:

Type	Name	Description
ULONG	marker	Must be 0x0FA0.
ULONG	OriginalSize	Size of the uncompressed data. Usually 4096. The last block may be less.
ULONG	CompressedSize	The size of the compressed data.
BYTE[]	CompressedData	The compressed data segment.

Encrypt the MHTML Content

Encrypt the MHTML content, or the compressed MHTML content, using the RM client software development kit (SDK). In addition to the encrypted content itself, maintain references to the signed issuance license and the content owner's end-user license. Both of these are used when creating the data spaces storage.

Store the Encrypted Content

Place the encrypted MHTML content in a stream in the root storage of the compound file. This stream must be named \0x09DRMViewerContent.

Note Rights-managed HTML that references external script or behaviors is not supported.

Write the Data Spaces Storage

Write the data spaces storage as described in Data Spaces Structure for Rights-Managed Content.

The signed issuance license must be stored in the primary stream for the encryption transform definition.
Optionally, one or more end-user licenses can be placed in streams in the encryption transform definition storage. Typically, the end-user license for the content owner is stored here.
The data space map stream must include an entry that maps a data space to the \0x09DRMViewerContent stream.

Compress the Resulting Compound File

The final step is to compress the resulting compound file with the compression method used in zlib (library available http://www.gzip.org). This is an optional step that can help reduce the overhead associated with storing data in a compound file. Even if you compress the MHTML content before encryption, you can still recognize a reduced file size by compressing the compound file.