CommonCrypto and export laws

Hmm, now that I read your answer and re-read my post, I didnt actually ask a question, thus I don't fully understand your answer. My fault.

I'll put two questions now, so I can be sure of this, I really don't want this kind of trouble, heh 🙂

1. What should I answer to that question?

2. Well, this isn't really a question, but if answer for 1 is No, then that means I will need a certificate from BIS. Because if I answer no, another set of questions will start appearing, all leading to "present a CCATS/BIS" ending.

Cheers.

hmmm

What was the purpose of the "CommonCrypto is used by iOS, so you're not using anything unique you need to report" argument?

I mean, if I'm using something already used in iOS, therefore NOT using anything unique, why am I required to present a CCATS/BIS documents, but if I would have used something unique I didn't have to present any extra documents?

Because if I answer yes to the question, I can freely continue, if I answer no to the question I have to present extra documents... :S

So, basically, using something unique -> freely carry on, not using anything unique -> extra papers. Makes no real logic(to me at least).

Sorry if I'm being dumb here, but I really have no idea how this export law works 😟

edit: you edited while I was writing this. but thats where u are wrong, answering No continues the set of questions, answering yes stops.

http://imageshack.us/photo/my-images/26/screenshot20110801at251.png/

only if I answer No to the first question, the chain of questions stops, but that would be lying, wouldnt it? It's true that what I'm encrypting is not even close to what Apple/the Gov cares about, but still :S

"When adding an app, you are asked if you've included any encryption requiring export declaration (anything unique/not already authorized) - you can at that point only say 'yes' or 'no'."

Actually, as you can see in the screenshot I posted, you are asked, quoting from iTunes Connect

"Is your product designed to use cryptography or does it contain or incorporate cryptography?" - Doesnt say anything about export/unique/authorized/export declaration. YET. and when it does, it gets messy

I already mailed them, xnav, waiting for them to reply, only that it takes forever 😟

Are you sure about the AES thingie? Cos I could use AES64. ****, I could even use AES16, I only need it so people with Jailbroken phones/DiskAid won't go in and change highscores or the game flow.

So far I came up with an MD5 alternative, so that if someone does modify the file and the MD5 of the modified file obviously won't match the MD5 I saved when closing the app, it deletes all the highscores, but this isn't really elegant at all 😟

@xnav I honestly have no idea how encryption works(while I do know what AES/DES stand for, I dont really understand the works behind them), I just found a blog(http://iphonedevelopment.blogspot.com/2009/02/strong-encryption-for-cocoa-cocoa- touch.html) where a guy made a custom AES category, then another guy came up with this:

http://pastie.org/426530

and I just used it. if you would be willing to give me more info, I'd be really gratefull.

@KT Unfortunately, I AM using CC outside the keychain. I'm taking the current highscores from the file decrypting the data there, adding a new score to the array, encrypt the new data, save it back to the file :S

Can I actually do this inside the keychain? Doesn't sound really reasonable to me 🙂

Now onto plan B, it's the same as above, obviously, but without the encryption

What do you mean the plan isn't original enough? When I'm about to save the highscores I make a string out of my scores array, make an MD5 out of it, save that MD5 to a scores.hash file, then save the array into a score.txt file. When I read the highscores, I make an MD5 from the array I just read from scores.txt and it has to be the same as the MD5 string saved into scores.hash.

Now, I thought about "I can just take your data from scores.txt and guess how you made that MD5, modify the data, create a new MD5 which Ill manually put in your scores.hash file and presto", so I added a 'key' to the string that Im making the MD5 out of when adding, also when reading.

So if my scores are 100, 150, 200, the string is 100150200randomstring, so unless you guess that randomstring, I should be safe. Right? 😝

Could use some tips on it if you think it's still not that great, please

Cheers.

@KT true :p and ofc I googled my *** off first, hehe

well, all i can do is see how it works out, I don't think many will take the time to crack the MD5 to find that random string, and even if, some protection is still better than plain text where anyone can change it.

@xnav and that wont be subjective to export laws anymore? Won't I'd still be using encryption?