encryption export compliance documentation

Question

I have an app that uses SSL, and the CommonCrypto library for this code:

enum HMACAlgorithm {
    case MD5, SHA1, SHA224, SHA256, SHA384, SHA512

    func toCCEnum() -> CCHmacAlgorithm {
        var result: Int = 0
        switch self {
        case .MD5:
            result = kCCHmacAlgMD5
        case .SHA1:
            result = kCCHmacAlgSHA1
        case .SHA224:
            result = kCCHmacAlgSHA224
        case .SHA256:
            result = kCCHmacAlgSHA256
        case .SHA384:
            result = kCCHmacAlgSHA384
        case .SHA512:
            result = kCCHmacAlgSHA512
        }
        return CCHmacAlgorithm(result)
    }

    func digestLength() -> Int {
        var result: CInt = 0
        switch self {
        case .MD5:
            result = CC_MD5_DIGEST_LENGTH
        case .SHA1:
            result = CC_SHA1_DIGEST_LENGTH
        case .SHA224:
            result = CC_SHA224_DIGEST_LENGTH
        case .SHA256:
            result = CC_SHA256_DIGEST_LENGTH
        case .SHA384:
            result = CC_SHA384_DIGEST_LENGTH
        case .SHA512:
            result = CC_SHA512_DIGEST_LENGTH
        }
        return Int(result)
    }
}

extension String {

    func digest(algorithm: HMACAlgorithm, key: String) -> String! {
        let str = self.cString(using: String.Encoding.utf8)
        let strLen = UInt(self.lengthOfBytes(using: String.Encoding.utf8))
        let digestLen = algorithm.digestLength()
        let result = UnsafeMutablePointer<CUnsignedChar>.allocate(capacity: digestLen)
        let keyStr = key.cString(using: String.Encoding.utf8)
        let keyLen = UInt(key.lengthOfBytes(using: String.Encoding.utf8))

        CCHmac(algorithm.toCCEnum(), keyStr!, Int(keyLen), str!, Int(strLen), result)

        let hash = NSMutableString()
        for i in 0..<digestLen {
            hash.appendFormat("%02x", result[i])
        }

        result.deinitialize()

        return String(hash)
    }

}

Further I have 2 secrets inside the app to do some request to the server over SSL. One of the 2 secrets is only an part of the actual secret. There is some info appended when an user signs up. What do I need to enter at the export compliance at itunes connect?

Note: I'm going to sell my app at the Netherlands, Belgium, Germany and England.

I think I need to enter yes in the picture under this text:

And here I need to answer yes as well? Because I use https for each request.

Am I right about this? I'm afraid to answer wrong because I don't want to get in trouble etc.

yes.. you are right.. follow the link ( look for cryptography section) - https://developer.apple.com/library/content/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/SubmittingTheApp.html and http://stackoverflow.com/questions/2135081/does-my-application-contain-encryption ( Read tutorial given by Tige Phillips ) — Amod Gokhale, Jan 31 '17 at 14:37
@AmodGokhale So I do not need to validate or request some information from the US Government? — da1lbi3, Jan 31 '17 at 15:04
Because all apps are loaded on Apple servers in the United States, all apps are subject to U.S. export laws. See Cryptography and U.S. Export Compliance for more details about this step. This means you still need to validate as per above document — Amod Gokhale, Jan 31 '17 at 15:54
I'm voting to close this question as off-topic because it is not a question about programming. — dbugger, Jan 31 '17 at 16:33

encryption export compliance documentation

0 Answers0