• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Could I have broken the law by using SunJCE?!!

 
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have been developing a simple application where I need to encrypt and decrypt a short password sent by end user accross internet. The coding is working just fine. But I am worry whether I have violated the US cryptographic export restrictions by using these coding.
If I am, can anyone suggest an alternative to encrypt and decrypt the password?
Thank you all.

[ March 14, 2003: Message edited by: Steven Ho ]
 
author
Posts: 3252
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
IANAL[1], but I'd like to point out the following.
  • The export restrictions were much relaxed a few years ago. I don't have a clue what the restrictions (if any) with regards to Malaysia are.
  • Whatever the case may be, your code is certainly not in violation. You're just coding against an abstract API (JCE) and not implementing the actual encryption. At most, you might be guilty of illegaly exporting the Sun JCE implementation or the Sun JCE provider. There is legalese about this on the Sun website, you might read that.
  • If you are concerned about the legal position of either your Sun JCE implementation or the provider, you can switch to alternative implementations such as The Legion of the Bouncy Castle (to be taken a whole lot more seriously than the name may suggest). They're hosted in Australia and not subject to U.S. export regulations. You can use them as a JCE provider, or ditch the Sun JCE altogether and use their JCE reimplementation.
  • Last but not least, there may be rules and regulations in your country which control or limit the encryption you are allowed to use. I don't have a clue about this, but you might well want to check.

  • - Peter
    [1] I Am Not A Lawyer.
     
    Steven Ho
    Greenhorn
    Posts: 15
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Peter,
    Thank you so much, I am so relieved now. And I will examine the bouncycastle.org later.
    Steven
    [ March 16, 2003: Message edited by: Steven Ho ]
     
    Ranch Hand
    Posts: 49
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    We have been using Bouncy Castle in US and it is our security standard for all data encryptions/decryptions. Very cool...
     
    With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
    reply
      Bookmark Topic Watch Topic
    • New Topic