I my application I use sha256 encryption (actually it's a hash function, so you can't decrypt it). For each request to server I need to make such a string "param1|param2|param3" and encrypt it with sha256 (I will get encryptedString) and I need to add the 4th parameter "hash" = encryptedString. It's the only use of the encryption in the application
sha256 function is:
import Security
func encryption_sha256(_ originString: String) -> String {
let data = originString.data(using: String.Encoding.utf8)!
var hash = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
CC_SHA256((data as NSData).bytes, CC_LONG(data.count), &hash)
let hexBytes = hash.map { String(format: "%02hhx", $0) }
let resultString = hexBytes.joined(separator: "")
return resultString
}
When I submit to App Store I have such questions:
1) Is your app designed to use cryptography or does it contain or incorporate cryptography? (Select Yes even if your app is only utilizing the encryption available in iOS or macOS.)*
As far as I understand, my Answer is YES . Or can I answer NO, because sha256 is not encryption, it's just hash and you can't decrypt it?
2) Does your app meet any of the following: (a) Qualifies for one or more exemptions provided under category 5 part 2 (b) Use of encryption is limited to encryption within the operating system (iOS or macOS) (c) Only makes call(s) over HTTPS (d) App is made available only in the U.S. and/or Canada
Make sure that your app meets the criteria of the exemption listed here. You are responsible for the proper classification of your product. Incorrectly classifying your app may lead to you being in violation of U.S. export laws and could make you subject to penalties, including your app being removed from the App Store. Read the FAQ thoroughly before answering the questions.
You can select Yes for question #2 if the encryption of your app is: (a) Limited to using the encryption within the operating system (iOS or macOS) (b) Limited to making calls over HTTPS (c) Specially designed for medical end-use (d) Limited to intellectual property and copyright protection (e) Limited to authentication, digital signature, or the decryption of data or files (f) Specially designed and limited for banking use or "money transactions"; or (g) Limited to "fixed" data compression or coding techniques You can also select Yes if your app meets the descriptions provided in Note 4 for Category 5, Part 2 of the U.S. Export Administration Regulations.
I here I answer Yes, everything is easy, I just need to insert <key>ITSAppUsesNonExemptEncryption</key><false/> in the info.plist file.
Can I answer YES to this question?
if NO, I get the 3d question:
3) Does your app implement any encryption algorithms that are proprietary or yet-to-be-accepted as standards by international standard bodies (IEEE, IETF, ITU, etc.)?
As far as I understand, answer is NO
4) Does your app implement any standard encryption algorithms instead of, or in addition to, using or accessing the encryption in Apple’s iOS or macOS?
As far as I understand, answer is YES And in this case I need:
Please upload a short letter stating that you understand your legal obligations to submit a year-end self classification report required by the Bureau of Industry and Security (BIS).
Where do I need to submit this year-end self classification report required by the Bureau of Industry and Security ? Or may be can I answer YES to the 2nd question?
