Welcome to WebmasterWorld Guest from

Forum Moderators: LifeinAsia & httpwebwitch

Message Too Old, No Replies

Exporting code that uses cryptography. Legal?

4:38 pm on Nov 27, 2009 (gmt 0)

Moderator This Forum from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
votes: 0

Here's an interesting question.

Hypothetically, let's say I built a JavaScript library that does MD5 hashing and SHA-1 cryptography. I include it on my web page, and use it to crypt up data before throwing it through an AJAX request.

I'm not concerned about the security of this since I'd always use a locally-stored key for encryption which matches a server-side key for decryption. Despite being client-side, it would serve its purpose well.

It's cryptography, it's algorithms, and it's being exported. The source code for the cryptography method is right there, in a <script> on my page.

Aren't there laws regulating that?

Would I be doing something illegal using this client-side code on my website?

4:51 am on Nov 28, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 29, 2003
posts: 1676
votes: 0

I'd run it by an attorney for sure. Adobe, for example, has products that cannot be exported to certain countries for a variety of highly dubious reasons, IMO.

Cryptography would certainly be a flag around the world.

It's incredibly stupid, as if these other countries don't have the intellectual capacity to design what they need or to buy it and easily export themselves.

I have no problems whatsoever with exporting virtually any intellectual property, including cryptology.

Here in the USA (where we have lost all common sense) I'd expect it to be a problem, and I would expect most countries to have import and export bureaucracy for encrytion programs; no matter how easily defeated. You could probably sell it in your own country and let it be the buyers' 'problem', but I would lawyer-up first.

I'll skip the rant; you can guess where I'd be going.

2:36 pm on Nov 29, 2009 (gmt 0)

Preferred Member

10+ Year Member

joined:Oct 20, 2003
votes: 0

Call the Justice department. They will have the black helicopters over in no time.
1:28 am on Dec 1, 2009 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
votes: 1

For some countries it is not export to them which is the problem, but import. There are countries which don't allow cryptographic routines to cross their border because the government is afraid that those routines can be used to hide information for them.

A fairly complete list of laws around the world related to cryptography can be found at rechten.uvt.nl/koops/cryptolaw/ [rechten.uvt.nl]

1:45 am on Dec 1, 2009 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
votes: 2

Cryptography is a "dual-use technology", so you will need to read up on the Wassenaar Arrangement, of which Canada (and the US) is a signatory:


The following links are very old, but I believe they are still at least partly-valid:


I would suggest contacting Industry Canada, or Foreign Affairs and International Trade Canada to see what the current regulations are.


Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members