I need to store the user's password in my iPhone app.
When posting an app to the app store, I have to tell Apple if there's encryption in the app for export purposes.
I don't want my app to be restricted to US only, but I also don't want to store or send passwords over the net in clear text.
So basically the question is, can I encrypt passwords in a way that will not get my app restricted?
Just store the password in the keychain. It is a system API Apple provides, and you don't have to know anything about the encryption. Apple ships it; it is their responsibility to ensure export compliance of the system frameworks. Presumably they use weaker (or no) encryption if they sell the device anywhere that it is prohibited, but if you use the available APIs you will not be shipping any export restricted cryptographic code in your binary, and the only way that you could be interpreted as doing so would mean that Apple is shipping it with every iPhone.
Having said that, I am not a lawyer, I recommend consulting one if you are worried about it. No amount of other programmers' advice is particularly relevant on what is fundamentally a legal matter.