Android应用程序加密的耳朵调控 [英] Android app with encryption regulated by the EAR
问题描述
我开发和Android应用程序。作为一个完全次要功能,它允许用户加密某些字符串。
I'm developing and Android app. As a completely secondary feature, it will allow users to encrypt some strings.
我知道AES(256位)更建议多DES(56位)来使用。不过,如果我使用AES-256和发布我的应用程序在Android Market,将我的应用程序由出口管理条例(EAR)的监管?
I know AES (256 bits) is much more recommended to use than DES (56 bits). However, if I use AES-256 and publish my app in Android Market, will my app be regulated by the Export Administration Regulations (EAR)?
http://www.bis.doc.gov/encryption/
我读过它调节软件,一键超过56位长加密。
I've read it regulates software which encrypts with a key longer than 56 bits.
我的应用程序不会真的管理绝密资料。这将允许用户互相发送加密邮件。它的目标几乎只有一个游戏,虽然有些用户可能会使用它的机密信息。
My app won't really manage top-secret information. It'll allow users to send each other encrypted messages. It's intended almost only as a game, although some users could use it for confidential information.
所以,你会建议我使用AES-256或DES-56?如果有人可以证实我不会使用AES-256我一定会用这个算法与EAR任何问题。
So, would you recommend me to use AES-256 or DES-56? If somebody can confirm I won't have any problems with EAR by using AES-256 I will definitely use this algorithm.
我不是美国公民,我不住在美国,但我已经在Android Market阅读,因为我会发表我的应用程序在谷歌的服务器,我的应用程序必须遵守美国的出口法律。
I'm not an U.S. citizen and I don't live in the U.S. But I've read in Android Market that because I'll publish my app in Google's servers, my app must follow U.S.'s export laws.
推荐答案
从谷歌的帮助页面:根据美国出口法律,Android Market的应用程序,可以从转移到禁运国家禁止因此,谷歌块下载到这些国家。
From Google's help page: "Under US export laws, Android Market applications may be prohibited from transfers to embargoed countries. Accordingly, Google blocks downloads to these countries."
虽然可能难以严格遵守,可以显示意图通过强制用户在应用程序启动首次之前接受EULA遵守法律这个问题。在最终用户许可协议,则应该要求用户接受他们不属于任何国家内,美国限制加密的出口来。如果你曾经被拉入法院(离谱不太可能),你可以将它们链接这个问题,并显示您的EULA,证明你做出了合理的努力遵守。
Whilst it may be difficult to strictly comply, you can display intent to comply with the law this issue by forcing the user to accept a EULA before the application starts for the first time. Within the EULA, you should require the user to accept that they are not within any country that the US restricts exportation of crypto to. If you were ever pulled into court (ludicrously unlikely) you can link them this question and show your EULA to prove that you made a reasonable effort to comply.
作为一个有点侧面说明,请记住,在Android手机本身包含了很多加密算法的实现(SSL需要他们一大堆),因此很可能会用户在这些国家非常低量
As a bit of a side note, keep in mind that the Android phone itself contains implementations of many cryptographic algorithms (SSL requires a whole host of them) and as such there will probably be a very low volume of users in those countries.
这篇关于Android应用程序加密的耳朵调控的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
