• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Could I have broken the law by using SunJCE?!!

 
Steven Ho
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have been developing a simple application where I need to encrypt and decrypt a short password sent by end user accross internet. The coding is working just fine. But I am worry whether I have violated the US cryptographic export restrictions by using these coding.
If I am, can anyone suggest an alternative to encrypt and decrypt the password?
Thank you all.

[ March 14, 2003: Message edited by: Steven Ho ]
 
Peter den Haan
author
Ranch Hand
Posts: 3252
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
IANAL[1], but I'd like to point out the following.
  • The export restrictions were much relaxed a few years ago. I don't have a clue what the restrictions (if any) with regards to Malaysia are.
  • Whatever the case may be, your code is certainly not in violation. You're just coding against an abstract API (JCE) and not implementing the actual encryption. At most, you might be guilty of illegaly exporting the Sun JCE implementation or the Sun JCE provider. There is legalese about this on the Sun website, you might read that.
  • If you are concerned about the legal position of either your Sun JCE implementation or the provider, you can switch to alternative implementations such as The Legion of the Bouncy Castle (to be taken a whole lot more seriously than the name may suggest). They're hosted in Australia and not subject to U.S. export regulations. You can use them as a JCE provider, or ditch the Sun JCE altogether and use their JCE reimplementation.
  • Last but not least, there may be rules and regulations in your country which control or limit the encryption you are allowed to use. I don't have a clue about this, but you might well want to check.

  • - Peter
    [1] I Am Not A Lawyer.
     
    Steven Ho
    Greenhorn
    Posts: 15
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Peter,
    Thank you so much, I am so relieved now. And I will examine the bouncycastle.org later.
    Steven
    [ March 16, 2003: Message edited by: Steven Ho ]
     
    Sandep Chaturvedi
    Ranch Hand
    Posts: 49
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    We have been using Bouncy Castle in US and it is our security standard for all data encryptions/decryptions. Very cool...
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic