Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS Submitting applications that contain encryption algorithms

miniConvert

miniConvert

macrumors 68040
Original poster
Mar 4, 2006
3,264
3
Kent, UK - the 'Garden of England'.
Has anyone submitted an iPhone application that includes public key and/or 3DES encryption?

If so, did you have to take any additional steps or get any kind of certification before submitted the application to Apple?

I'm in the UK, if that makes a difference. TYIA for any help!
:apple:
 
miniConvert said:
Has anyone submitted an iPhone application that includes public key and/or 3DES encryption?

If so, did you have to take any additional steps or get any kind of certification before submitted the application to Apple?

I'm in the UK, if that makes a difference. TYIA for any help!
:apple:
Click to expand...

The CommonCrypto library supports RSA (http://developer.apple.com/iphone/l...ce.html#//apple_ref/c/func/SecKeyGeneratePair) and SSL (presumably implemented with AES but haven't played with it to confirm).

The bigger issue is export restrictions; there's a tick box when you go to submit regarding encryption, I've never followed it but I imagine it offers more detail on forms, etc.
 
miniConvert said:
Thanks, yes it's the export restrictions I'm curious about.

Anyone who has experience of this, your input would be greatly appreciated. What hoops, if any, did you have to jump through?
Click to expand...

yes. essentially it breaks down like this.

if you are using 1-way encryption known as hashing you are fine. ie. SHA, MD5, etc.

If you use two-way encryption then you are either:
using it for the purpose of authentication (i.e PKI type) or doing the full authentication + encryption scheme

Both are the those two radio boxes when submitting an application.

I personally avoided the whole fiasco and dealing with the US state dept. so i created a equivalent strength security protocol for the purposes of authentication against a server from an iPhone endpoint by using only 1-way encryption. it is mathematically almost equivalent to a PKI strengths minus some assumptions.

I did not need to encrypt data after authentication since it was not sensitive and using 2-way encryption for authentication was more hassle, certificates, etc. no point. these are consumer grade products.

J
 
Anyone who has actually gone through the process of successfully submitting an application containing public key and/or 3DES encryption?

Details of your experience would be greatly appreciated. As I mentioned previously, I'm submitting to Apple from the UK.
 
No one with actual experience of the process?

I appreciate that for many (!) of the applications in the App Store the idea of encryption is highly irrelevant.

FWIW, I've requested credentials to access SNAP-R by fax as instructed but heard nothing back as yet.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back