First a small preface - this isn’t DRM. Everything sent to the client is still accessible as far as rippers go (what can be seen, can still be copied - and DRM can’t fix that either)

With that being said - there are a number of cases where you may upload an asset onto a public grid for the purpose of transmitting it between a finite number of trusted regions. In this case, you dont want the grid operator to have full access to your content, nor do you want it transmitted onto untrusted regions.

What this allows you to do, is encrypt assets on upload - anyone can still download the assets, but only regions with the decryption key can access it. This effectively allows you to secure scripts and other content which is not transmitted to viewers - allowing if you tightly manage the decryption keys and combine with a tighter permissions module, to produce something like the way Second Life handles assets - even across a relatively untrusted and “open” grid.

You can install multiple decryption keys on one server - however only a single encryption key can be used at once (for obvious reasons - otherwise which key do you encrypt with when uploading?)

Some notes on what this can and cannot do

• First - this cannot protect assets once they hit the client, once they are on the client, all hands are untied and the content is potentially free. This does however let you limit the number of clients who can access the content on a public grid, by virtue of allowing you to have the asset only on a closed region within the public grid (therefor only a select number of users can see it.)
• Your decryption keys become your content - protect them with your proverbial life. These keys can be duplicated, copied, etc - you should only hand your keys over when you are certain that the person recieving the keys is trustworthy (a contract may be useful here) - you also should change your encryption keys regularly, you just need to rename the file then OpenSim will generate you a new one on startup.
• I would go so far as to say that having one key for every product may not be a bad idea - that way if the key leaks you dont lose everything - just whatever was signed with it.
• If you choose to encrypt your content on upload, then you will need to sure to rename the key to “.deckey” (from “.enckey”) then give that to everyone who you want to be able to decrypt the assets. If you transmit the key - make sure to do so in a secure manner such as SFTP/SCP/PGP, and not send it in the clear.
• Finally, if you lose your key, delete it or similar - you wont be able to unencrypt it (there’s no hardcoded backdoors or anything else), so make a safe backup of your keys somewhere

Final notes - archiver, etc

This is not a magic bullet solution - it has a very specific set of areas where you can benefit (ie if you dont nessecarily trust a grid operator, or want to carve out a ‘protected area’ within a larger grid and still use things like inventory without busting it up ala local assets) - that being said, in certain cases, it’s now possible to be ‘as secure’ as Second Life (which really isnt that secure, but that’s another topic entirely).

It’s also worth noting that anything that downloads assets on the region server, where the region server has a decryption key, will be getting decoded assets - this means the region archiver, etc. will be getting copies of the unencrypted assets - you should treat archives with protected content in them as exactly that (ie dont go sending them around assuming they are secure).