7 Replies - 3373 Views - Last Post: 03 August 2012 - 02:33 PM

#1 Sinned

[Law] Big RSA keys outside USA

Posted 03 August 2012 - 01:20 PM

Hello everyone,

This is practically not a C/C++ question, but because I couldn't find another place to put this and I have been programming in C++ while working with RSA, I posted it here.

I've been working with RSA for a while, and I think I fully understand all parts of it now.
So I come to the point of publishing some software with it. (Just low-scaled)

Now I heard about the fact that 1024-bit RSA keys (or above) are not allowed to be used outside the USA. (Additional info: I live in Europe)
I heard there could be heavy penalties for it (like $1,000,000 fines and long prison terms).
This isn't something to just ignore and I started worrying about it.

Now my question is:
Can I publish my software with a 4096-bit RSA public key (modulus) on the internet - without getting into trouble with the (American) government?

I know my project is going to be very low-scaled and almost not even noticed by anybody outside my area, but I just want to know what these laws are about and how I have to take care of them.

Thanks,
Sinned


Replies To: [Law] Big RSA keys outside USA

#2 modi123_1

Posted 03 August 2012 - 01:32 PM

Well, it depends.. what do you mean by "publish"? As in print on a disc and sell in a store? Why would the US come down on you - Netherlander'er?

#3 Sinned

Posted 03 August 2012 - 01:38 PM

I don't say it would really happen that the US comes after me.
But it is about the idea - the concept.

Let's say I create a very large-scale software application - which the whole world will use.
Then it doesn't matter for the US that I'm from the Netherlands, does it?

They want to keep big keys inside the US.

My question is not really about trouble I could maybe get into.
I just want to know what I have to look out for (I can maybe adjust something to reduce any chance).

#4 Skydiver

Posted 03 August 2012 - 01:41 PM

Before the limit was bumped up to 1024, the way people got around the "munitions export" law (yes, encryption technology was classed along with munitions), was to just deliver source code, or publish a research paper. Never compiled runnable object code.

Supposedly the DMCA makes it illegal to even publish source code that can crack encryption. I don't know if the law also makes it illegal to publish source code to do stronger encryption.

#5 modi123_1

Posted 03 August 2012 - 01:47 PM

I am still unclear on why you are concerned. The US laws were formulated in WWII when encryption played a big part.. and the usual suspects of government agencies were concerned about folks making it easy for the bad guys to evade them with crypto going out to foreign countries.

Things like truecrypt exist so I am pretty certain your app is okay on the benign encryption front.. now what you are encrypting could be a different story.

#6 Sinned

Posted 03 August 2012 - 02:06 PM

It is just that I don't know enough about these laws, so I don't know what I have to worry about.
All I heard about is that big RSA keys may not be used/exported outside the USA.
I'm here to ask others what they know about this law, and how far I have to worry about it.
A risk this big can't be taken while being too poorly informed. (Assume this is a heavily controlled law and they arrest everyone who breaches it - I just don't know, and I can't find anything more than I already know.)

BTW I thought Truecrypt uses synchronous encryption (AES); this is an ISO standard and may be widely used.
RSA is an asynchronous encryption; this is what they made laws for, I thought.

This post has been edited by Sinned: 03 August 2012 - 02:08 PM


#7 modi123_1

Posted 03 August 2012 - 02:13 PM

If you are that concerned, it might be best to holler at a dirty outlaw* in your phone book that has legal and tech expertise.

*lawyer

#8 Sinned

Posted 03 August 2012 - 02:33 PM

I was just hoping someone here would know a bit about using RSA in public - and could explain it to me.
I can't be the only one using it. (Maybe because the US government eliminated the others :P )