cryptoJS and ionic - export compliance?


#1

Hi, not really an ionic question.
I’ve recently integrated cryptoJS to encrypt certain strings before I store them in my ionic app.
Has anyone used cryptoJS and submitted to the App Store ?

I am based in the US, and it asks questions on crypto usage - so far I’ve said no, but now that I use cryptoJS, should I be saying “Yes” ? And if so, has anyone experienced the process henceforth?

rgz


#2

Hi,
How did you get around the problem?
I’m having the same issue right now.

Thanks,
zammy


#3

What are you using cryptojs for?


#4

For encrypting password to store within the localstorage.


#5

If you’re using a passphrase system, I would look into using scrypt instead. There are several implementations; I use scrypt-async.


#6

Are you saying if I use that, there is no “export compliance” issue but if I use crytoJS , I have?


#7

Don’t take this as legal advice, but my understanding is that crypto that is specifically used to protect passwords is allowed to be exported unrestricted (see here). So using a special-purpose library like scrypt may help you on that front. I also think it’s technically a better choice than generic cryptojs.


#8

Please can you quote from the file your provided that says “that crypto that is specifically used to protect passwords is allowed to be exported”.
Thanks for your help.