CENC (Common Encryption, ISO/IEC 23001-7) is the standard that lets one set of encrypted media segments be unlocked by multiple DRM systems. It separates encryption from key management: the media is encrypted once with a content key, and each DRM (Widevine, PlayReady, FairPlay) simply provides its own way to deliver that key. This is what makes multi-DRM economical — package once, license per device.
Common Encryption defines two protection schemes that share the same content but differ in how the bytes are encrypted: cenc (AES-CTR, counter mode) and cbcs (AES-CBC with pattern encryption). Historically Widevine/PlayReady used cenc while FairPlay required cbcs, which forced two copies; the industry has since converged on cbcs so a single CMAF set serves all three.
The DRM-specific information (which key, which license server) travels in PSSH boxes in the file and in the manifest, so the player knows how to request a license for whichever DRM the device uses.
