问题
iTunesConnect states that developers need to get a CCATS Classification if using encryption in the app. My app uses a simple XOR obfuscation cipher when transferring data over HTTP. Does this still fall under that requirement? If not, then what type of encryption need to be CCATS classified?
回答1:
I am not qualified to offer legal advice.
Your probably need to consult with a lawyer to get a answer, as this is a legal matter.
I read the regulations here. My opinion is that if it is a publically available symetric algorithm, which XOR is, as long as the key length is 64-bit or less, then you don't need a license. So, if your key length is 64-bits or less, you do not fall under that requirement.
Again this is just my opinion, but from reading Title 15.B.VII.C.742.15, encryption that needs to be CCATS classified is:
- symetric encryption that uses key lengths longer than 64-bits
- proprietary (non-public) encryption with key lengths longer than 56-bits
- asymetric key exchange algorithms with key lengths greater than 512-bits
- elliptic curve algotihms with key lengths greater than 112-bits
来源:https://stackoverflow.com/questions/4882502/need-to-apply-for-ccats-if-using-simple-xor-cipher