Sunday, February 13, 2011

iOS encryption and export law

I may need to store passwords on a device for an upcoming iOS app. I would like to encrypt the passwords. I know from previous iTunes Connect submissions that there are questions about government export compliance when using encryption. I intend to sell (free app, actually) the app internationally. I did some research and found the following links. By the sound of it, I _think_ there are exceptions to an intimidating government review process when using encryption for authentication. I hope so.

Export Administration Regulations Database

Commerce Control List Supplement No. 1 to Part 774 Category 5 - Info. Security

Checklist on Encryption and Other “Information Security” Functions
-- "encryption review or notification is NOT required ... for ... limited forms of cryptography, such as authentication ...

No comments: