There is some paperwork we need to file based on OOo use of cryptography. Details are on the Apache website [1]. I think I can handle most of the paperwork, provided I can get some help, on this thread, establishing the basic facts.
1) Was something similar every done for OpenOffice.org? Most software companies are aware of this US export regulation and do this declaration as a matter of routine. But not all open source projects are as diligent as ASF is. So it is possible that OOo never did this before. But if they did, we could reuse much of their paperwork. 2) We need a list of all uses of cryptographic methods in OOo, including code that we include, but also where we enable 3rd party or OS crypto modules to plugged in. This includes both symmetrical algorithms (commonly used for encryption) as well as asymmetrical algorithms (for example, public key uses like PGP, RSA, TLS, etc.) 3) For each method, it looks like we need to state whether we authored the crypto, or name the origin of the code if it is a 3rd party. The methods I suspect are in OOo are: a) For password-protected ODF documents, we use the Blowfish block encryption method. Where did that code come from? b) What do we support for other document formats, such as DOC, OOXML or legacy StarOffice formats? Any other encryption methods? If so, what are they are what was their origin? c) We support digital signatures with ODF files as well. What algorithms are supported? Is this our original code or 3rd party? d) Do we support digital signatures with any other file formats? e) Any other uses of encryption? f) Presumably we places that are at least enabled for SSL via OS-level resolution of https protocol URLs. Is this correct? g) But do we have any SSL (TLS) code included in our source code? If so, what is the origin of this? 4) In general, are there any other areas of AOOo where we include or enable the use of cryptographic methods? [1]: http://www.apache.org/dev/crypto.html
