Olga Antropova wrote:
> 
> Hi,
> 
> I am in the US and have to deal with export regulations on the encryption level.
> Does anyone know how the private/public key length is affected by those?
> Should the keys be 512 bits?
> 

Disclaimer: I'm no expert on this (not being in the US) but...

I believe (?) this has been increased to 1024 bits. Signature-only keys
have no restrictions at all.

> The private key is encrypted (using DES - right?). Do the export regulations on
> DES key length apply here?
> 
> If the private key is encrypted using strong encryption, will the application that
> only runs the export cipher suite be able to unlock such a private key?
> 

Private keys can be encrypted using a variety of algorithms. Usually
triple DES is the default with OpenSSL. This cannot be exported from the
US for general use.

However it seems like it is permissible to export 3DES if it is only
used to protect private keys, rather than general data encryption. Both
Netscape and MS use 3DES to protect their private keys in PKCS#12 files
in export versions of their software.

"Single" DES (56 bits) is not considered adequate for private key
protection.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
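
Added example, not part of the original message or of OpenSSL's own code: a check of which cipher protects a private key stored in OpenSSL's traditional PEM format, read from the Proc-Type and DEK-Info headers. The sample keys are constructed placeholders, and treating only single DES as weak is an assumption taken from the reply above.

```python
import re

# Constructed sample in OpenSSL's traditional PEM layout; the IV and base64
# body are placeholders, not a real key.
SAMPLE_3DES = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n"
    "\n"
    "Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_DES = SAMPLE_3DES.replace("DES-EDE3-CBC", "DES-CBC")
SAMPLE_PLAIN = SAMPLE_3DES.replace(
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n", "")

# Assumption: only single DES is flagged, per the reply above; extend this
# set to match local policy.
WEAK_CIPHERS = {"DES-CBC"}


def key_protection(pem_text):
    """Return (status, cipher) for the first PEM private key in pem_text."""
    text = pem_text.replace("\r\n", "\n")
    begin = re.search(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----\n", text)
    if begin is None:
        raise ValueError("no PEM private key block found")
    if begin.group(1) == "ENCRYPTED PRIVATE KEY":
        # PKCS#8: the cipher is recorded inside the ASN.1, not in a header.
        return ("encrypted-pkcs8", None)
    # Headers, if any, run from the BEGIN line to the first blank line.
    head, blank, _ = text[begin.end():].partition("\n\n")
    headers = {}
    if blank:
        for line in head.splitlines():
            name, colon, value = line.partition(":")
            if colon:
                headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return ("unencrypted", None)
    if "DEK-Info" not in headers:
        raise ValueError("encrypted key without a DEK-Info header")
    cipher = headers["DEK-Info"].split(",")[0].strip().upper()
    return ("weak" if cipher in WEAK_CIPHERS else "ok", cipher)


if __name__ == "__main__":
    for name in ("SAMPLE_3DES", "SAMPLE_DES", "SAMPLE_PLAIN"):
        print(name, key_protection(globals()[name]))
```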
