AES256 encryption with JCE

Asked

Viewed 85 times

1

I am using AES256 encryption in a communication project and would like to know if there is any restriction on using this encryption with the Java Cryptography Extension Unlimited Strength Jurisdiction Policy (JCE), and what is the implication of the use of this JCE in the development of commercial Apps.

  • When you say "restriction on use" and "implication of use" you speak in technical, legal, regulatory terms, ...? I don’t understand exactly what you want to know. The AES-256 is a good algorithm, but alone it is useless (it takes a mode of operation/ padding, and unless both participants already know the symmetric key, a key trading method is also required). Usually it is used as part of a suite cryptographic, and standardized protocols usually support a very specific set of suites.

  • In this case, the restriction refers to the legal aspect, in relation to the terms of use imposed on the developers in the installation of this module. It seems that there is a restriction on the use of this module in some countries, which does not include Brazil. My question is whether this restriction is valid for applications developed in Brazil, and which are installed by users living in countries included in this restriction.

  • In that case, I’m afraid that question is outside Sopt’s purview. Although it is of interest, it would be difficult to find people who had (and could prove) expertise in these relevant legal aspects. Especially when it comes to the law of two different countries (cryptography in general is subject to export restrictions by the US, being classified as "ammunition"; I do not know what treatment it receives from Brazil, nor how this is in international law).

No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.