[pve-devel] [PATCH pve_flutter_frontend v2] chore: ios: add export compliance key to info.plist

Thomas Lamprecht t.lamprecht at proxmox.com
Mon Sep 29 15:09:30 CEST 2025


Am 29.09.25 um 14:51 schrieb Shan Shaji:
> Hi @Thomas and @Dominik, I have done some more research on this through
> the BIS documentation [0] on License Exception ENC and Category 5, Part 2 [1]. 
> 
> AFAIU, 
> 
> - Since we are using TLS/SSL encryption we are under 5A002/5D002.
>   Our app comes under mass market [2] so it further classfies it under
>   5A992/5D992. After March 29, 2021 mass market software doesn't need to
>   provide a self classification report [3]. Also since we are using the
>   platform APIs provided by iOS which are already exported by Apple
>   for SSL/TLS and not implementing any encryptions by ourselves  
>   i believe we don't need to do anything from our side. 
> 
> - For the crypto package that we are using doesn't likely fall under 5A002/5D002 as
>   it's not used for confidentiality rather we are using it for data integrity. 
>   So i believe it should likely fall under ECCN 5D992 (Mass Market).
>   Also the source code of the package is publicly available and SHA-256
>   is a standared algorithm. 
> 
> - For `biometric_storage`, the package internaly uses the platform APIs
>   that are available in iOS [4]. Since it's using the already exported iOS
>   interfaces i believe we should be fine there as well. 
> 
> - [0] https://www.bis.doc.gov/index.php/encryption-and-export-administration-regulations-ear 
> - [1] https://www.bis.doc.gov/index.php/documents/new-encryption/1652-cat-5-part-2-quick-reference-guide/file
> - [2] https://www.bis.doc.gov/index.php/policy-guidance/encryption/3-license-exception-enc-and-mass-market/a-mass-market (Paragraph a)
> - [3] https://www.bis.doc.gov/index.php/documents/pdfs/2759-table-of-changes-to-enc-in-wa2019-rule-final-version/file (Table Reference)
> - [4] https://github.com/authpass/biometric_storage/blob/main/macos/Classes/BiometricStorageImpl.swift   
> 
> So IMHO, i think it's safe to update the ` ITSAppUsesNonExemptEncryption` key
> to false. WDYT?

That seems to be a safe conclusion with enough due diligence to back it up.




More information about the pve-devel mailing list