Joris Weimar

Reputation: 4931

Is a digital signature considered encryption?

I make HTTP calls. I send data with a POST method. I do not encrypt my data, but I do pass a GET parameter with an encrypted SHA-1 hash (a simple home-made encryption). Would this be considered encryption (in that I have to contact NSA) even though I'm not actually encrypting the data but rather putting a digital signature on it?

Upvotes: 2

Views: 280

Answers (2)

Maarten Bodewes

Reputation: 94038

Apart from me not being a lawyer (so this does not constitute legal advice), the application of cryptography in general does not require you to contact the NSA - they would be swamped. The (explicit?) export of applications to/from listed countries that are considered threats is a different matter, as is the export of APIs that let others perform encryption/decryption. They are mainly afraid that they cannot read data from rogue states.

Of course, all this does not matter if you are not in the US, although other restrictions may apply (e.g. agreement of Wassenaar, apparently).

This could be a good starting point:

http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States

You can also have a look at the distinction between java.security and javax.crypto. It's there because of export control (javax is not considered part of the standard Java runtime, although it is meant for public access - it might however not be present on every Java platform). Signature, for instance, is in java.security.

For legal advice, contact a legal advisor or contact the institute within your country that deals with this.

[edit] Note that you should be careful not to expose an encryption function by accident, or you could still be required to contact the agency dealing with such matters.

Upvotes: 0

Jonathon Reinhart

Reputation: 137497

Digitally signing something is not encrypting it. The two are very different. If you can still read the data in plain-text as it is transmitted, it is not encrypted. A digital signature exists to verify that something was not modified between the originator and the verifier of the signature (recipient).

I would like to point out that "simple home-made encryption" has got to be one of the top sources of security problems on the web today. There are techniques and algorithms out there that are tried and proven. Don't re-invent the wheel; you can't do it as well as the scientists that create these sorts of things.

Upvotes: 6
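An added example, not part of either answer or the asker's code: the scheme from the question (plaintext POST body, integrity tag in a GET parameter) built on a standard primitive instead of a home-made one. It assumes client and server share a secret key and swaps in HMAC-SHA-256, which is a message authentication code rather than a public-key signature; the key, the URL and the `sig` parameter name are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample key (assumption): in practice a random shared secret.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def sign_body(body: bytes, key: bytes = SHARED_KEY) -> str:
    """Return a hex HMAC-SHA-256 tag computed over the raw POST body."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_request(base_url: str, body: bytes, key: bytes = SHARED_KEY):
    """Client side: the body is sent unchanged (still readable on the wire);
    only the tag is added, as the hypothetical 'sig' query parameter."""
    return f"{base_url}?{urlencode({'sig': sign_body(body, key)})}", body


def verify_request(url: str, body: bytes, key: bytes = SHARED_KEY) -> bool:
    """Server side: recompute the tag and compare it in constant time."""
    values = parse_qs(urlsplit(url).query).get("sig", [])
    if len(values) != 1:  # missing or duplicated parameter: reject
        return False
    expected = sign_body(body, key)
    return hmac.compare_digest(expected.encode(), values[0].encode())


if __name__ == "__main__":
    # Constructed sample request.
    url, body = build_request("https://api.example.test/orders", b"item=42&qty=1")
    print("body on the wire:", body)                      # plaintext, not encrypted
    print("untouched body verifies:", verify_request(url, body))
    print("modified body verifies:", verify_request(url, b"item=42&qty=100"))
```

The tag authenticates the body only; it gives no confidentiality and does not by itself stop a captured request from being replayed.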
