encryption software in iphone and export laws

The response I received from Apple legal on the same topic was "yes you have to have appropriate CCATS document on file even if you're using CommonCrypto". Went round and round for a bit on it, and still disagree but am not willing to risk the potential headache.

rob.

So, also md5 will fall into this case ?

Hashing is not encryption, it's a one way function.

Encryption is something you can decrypt, either with a symmetric key or a public/private key like RSA.

This is holding me up as well.
The 742.15(b)(1) and (b)(2) are complicated as ****.
You have to get SNAPR registered apply online do all kinds of crap.
I see some apps are using "built in" 256bit AES.
Did these guys go through this approval? how long did it take them?
I'm hobbling my app to 64bits until I can get through all the crap that
this export stuff requires.

It would be GREAT if someone could write down all the steps that it
takes so others can follow. I'm just NOW starting to beat my head
against this brick wall, but I am recording all the steps and durations.

Scott
btw: I'm told even if I did a rot13 I'd have to get reviewed. Even a simple
ceasar cipher. Kind of a joke, I think. I've read two sides of the coin, one
that this is basically unenforceable and two, they're so anal that they will
come after you even for a rot13. Of course, I don't need the ADDITIONAL
government headache, so I'll continue to bleed from the ears until something
gets approved. Lets see, 10 apps... will need to get reviewed... lovely.
I figure BIS is gonna know me on a first name basis pretty soon.

The source code to CommonCrypto is available here: http://www.opensource.apple.com/darwinsource/10.5.4/CommonCrypto-32207/

I'm not sure if it's the same version as in the iPhone OS, but seeing as the CommonCrypto source code has not changed since the release of Leopard, it probably is.

Does anyone have an opinion, and/or experience with an application that uses SSL?

I want to encrypt a credit card. The purchase is not for a hard good, but instead for a (legitimate) service based in the US only.

None of the sales transactions would involve anyone outside the country. Well, it might, but it would be the equivalent of paying for a cab ride in New York. If your not in the cab, whats the point of encumbering the charge.

Hi Scott,

did you get through already? It seems I have to go through this as well (at least only for one app), so it would be interesting to hear if it worked out for you.

Cheers,
Michael

Does this thing continue?

So i have to send login informations to server as plaintext?
Is this meaningful?

If i can not use encryption in my iphone app, how to do some certain things...

We just posted a detailed, practical guide to obtaining mass market encryption commodity classification for iPhone applications:

http://www.zetetic.net/blog/2009/08/03/mass-market-encryption-commodity-classifi cation-for-iphone-applications-in-8-easy-steps/

It covers all the steps and forms required by SNAP-R and even includes templates for supporting documents like the introductory letter of explanation and technical specification.