Reputation: 21
Need to apply for CCATS if using simple XOR cipher?
iTunesConnect states that developers need to get a CCATS Classification if using encryption in the app. My app uses a simple XOR obfuscation cipher when transferring data over HTTP. Does this still fall under that requirement? If not, then what type of encryption need to be CCATS classified?
Upvotes: 2
Views: 825
Answers (1)
Reputation: 683
I am not qualified to offer legal advice.
Your probably need to consult with a lawyer to get a answer, as this is a legal matter.
I read the regulations here. My opinion is that if it is a publically available symetric algorithm, which XOR is, as long as the key length is 64-bit or less, then you don't need a license. So, if your key length is 64-bits or less, you do not fall under that requirement.
Again this is just my opinion, but from reading Title 15.B.VII.C.742.15, encryption that needs to be CCATS classified is:
- symetric encryption that uses key lengths longer than 64-bits
- proprietary (non-public) encryption with key lengths longer than 56-bits
- asymetric key exchange algorithms with key lengths greater than 512-bits
- elliptic curve algotihms with key lengths greater than 112-bits
Upvotes: 2
Related Questions
- Issue using CCCrypt (CommonCrypt) in Swift
- Does the usage of CCCryptor warrant French import declaration certificate?
- XOR Encryption in Swift IOS
- Encryption Registration Number (ERN) or CCATS required for client/server encryption?
- CCATS on iOS AppStore and encryption
- CCKeyDerivationPBKDF on iOS5
- Do I need to submit CCATS?
- When To Check the "This Application Uses Encryption" Box?
- CCATS needed for non-export iPhone app?
- iPhone SDK - CCATS required if using Keychain Access?