iOS Submitting applications that contain encryption algorithms

miniConvert said:

Has anyone submitted an iPhone application that includes public key and/or 3DES encryption?

If so, did you have to take any additional steps or get any kind of certification before submitted the application to Apple?

I'm in the UK, if that makes a difference. TYIA for any help!

Click to expand...

The CommonCrypto library supports RSA (http://developer.apple.com/iphone/l...ce.html#//apple_ref/c/func/SecKeyGeneratePair) and SSL (presumably implemented with AES but haven't played with it to confirm).

The bigger issue is export restrictions; there's a tick box when you go to submit regarding encryption, I've never followed it but I imagine it offers more detail on forms, etc.

miniConvert said:

Thanks, yes it's the export restrictions I'm curious about.

Anyone who has experience of this, your input would be greatly appreciated. What hoops, if any, did you have to jump through?

Click to expand...

yes. essentially it breaks down like this.

if you are using 1-way encryption known as hashing you are fine. ie. SHA, MD5, etc.

If you use two-way encryption then you are either:
using it for the purpose of authentication (i.e PKI type) or doing the full authentication + encryption scheme

Both are the those two radio boxes when submitting an application.

I personally avoided the whole fiasco and dealing with the US state dept. so i created a equivalent strength security protocol for the purposes of authentication against a server from an iPhone endpoint by using only 1-way encryption. it is mathematically almost equivalent to a PKI strengths minus some assumptions.

I did not need to encrypt data after authentication since it was not sensitive and using 2-way encryption for authentication was more hassle, certificates, etc. no point. these are consumer grade products.

J