什么构成出口合规性的“加密”(例如在App Store中)? [英] What constitutes 'encryption' for the purpose of export compliance (e.g. in App Store)?
问题描述
将应用程序提交到iOS App Store时,需要申报一个应用程序是否包含加密(据我所知,还要经历其他管理障碍)。
When submitting an app to the iOS App Store, one is required to declare whether the app "contains encryption" (and, as I understand, go through additional administrative hurdles).
在这种情况下,是否有人知道关于加密一词究竟涵盖的内容的任何指导?
Does anyone know of any guidance on what precisely is covered by the term "encryption" in this context?
他们是指:
- 特别是加密安全加密方案(AES,RSA等);
- OR,任何方案或方法,可能在日常用语中被称为加密,或者是加密弱的标准方案的变体?
- specifically cryptographically secure encryption schemes (AES, RSA etc);
- OR, any scheme or method that might in everyday parlance be referred to as 'encryption', or a variant of a standard scheme that is cryptographically weak?
具体来说,我打算使用一些弱方案来保护一些应用程序的资产免受偶然黑客攻击,例如:通过使用从(非加密)随机数生成器生成的字节串对文件中的数据进行异或。如果你喜欢,它将是一个一次性填充,但密钥实际上并不是加密随机的:只需要随机,以便有人想要窃取数据需要进行少量的努力,而不仅仅是复制文件中的数据'。
Specifically, I was intending to use some weak scheme to protect some of the app's assets against a casual hacker, e.g. by XORing the data from the file with a string of bytes generated from a (non-cryptographic) random number generator. If you like, it would be a "one time pad", but where the key isn't actually cryptographically random: just random enough so that somebody looking to steal the data would need to go to a small amount of effort beyond 'just copying the data out of the file'.
因此,出于声明的目的,这将被视为使用加密,即使它实际上不是加密安全形式的加密?我正在做的是足够普遍的做法,我猜其他开发者已经使用这样的程序提交了应用程序:您是否必须将应用程序声明为使用加密?
So, for the purposes of the declaration, would this count as using "encryption" even though it's not actually a cryptographically secure form of encryption? What I'm doing is common enough practice that I'm guessing other developers have submitted apps using such a procedure: did you have to declare the app as using encryption?
(例如,iTunes Connect Guide没有对此事进行任何进一步的说明。)
(The iTunes Connect Guide, for example, doesn't give any further specification on this matter.)
推荐答案
这流程图可能会帮助您获得在正确的轨道上。它表明,如果加密仅限于版权保护/知识产权,则它可以免于审查。我从BIS主页获得了这个流程图。该页面由iTunes连接中名为 App Store的全球贸易合规性的常见问题解答引用,其中声明您可以申请豁免:
This flow chart will probably help you get on the right track. It indicates that if the encryption is limited to copyright protection / intellectual property then it is exempt from the review. I got to this flow chart from the BIS homepage. That page is referenced by the FAQ entitled World Wide Trade Compliance for the App Store in iTunes connect which states you can claim exemption:
(i)如果您根据BIS提供的指导确定您的应用未被归类为EAR的第5类,第2部分
(i) if you determine that your app is not classified under Category 5, Part 2 of the EAR based on the guidance provided by BIS
希望这有助于清理一些事情。
Hope this helps clear things up a bit.
编辑另一个有趣的部分就是这个,如果出现以下情况,您可以申请豁免:
EDIT Another interesting section is this, you can claim exemption if:
(iii)您的应用使用,访问,实现或合并加密密钥长度不超过56位对称,512位不对称和/或112位椭圆曲线
(iii) your app uses, accesses, implements or incorporates encryption with key lengths not exceeding 56 bits symmetric, 512 bits asymmetric and/or 112 bit elliptic curve
这篇关于什么构成出口合规性的“加密”(例如在App Store中)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
