T
T
tr1cks2018-03-16 11:49:22
Law in IT
tr1cks, 2018-03-16 11:49:22

Do I need a license to work with cryptography in custom development?

In many orders, cryptography is present in one form or another - from encryption and signature to banal hashing. So it turns out that a license is needed anyway, even if it's freelancing? What will be the responsibility for its absence during the performance of the relevant work?
upd. This is mainly about working with foreign customers directly or through the platform. Here, the issue of exporting cryptographic tools is also of concern. With simple cases like "we use a third-party certified solution", "we develop our own solution for encrypting information", everything is clear. Interested in borderline cases, for example:

  1. Development, refinement of the blockchain project
  2. Improvement of hashcat
  3. Implementation of the well-known non-GOST algorithm for encryption, signature, hashing
  4. Implementation of the file encryption function, using a third party library, but with self-generated public and private keys
  5. Implementation of cryptographic protocols based on library algorithms
upd2. I'll try to put it differently. Which of these should be licensed (we are not talking about GOST algorithms and certification on the territory of the Russian Federation now):
  1. Coding a known cryptographic algorithm
  2. Implementation of the cryptographic protocol. The algorithms themselves are taken from third-party ready-made libraries
  3. Using a ready-made cryptographic protocol implementation (TLS, SSH, etc.) from the library

Answer the question

In order to leave comments, you need to log in

4 answer(s)
A
Armenian Radio, 2018-03-16
@gbg

We are talking only about the sale / development of encryption tools directly. If you just use OpenSSL, you won't get anything.
And if you do the same according to the TOR from the state office, which says right in the TOR ... to provide encryption, blablabla - then you also need a license.

#
#, 2018-03-16
@mindtester

even government offices are different... but it's not a fact that a dedicated license is needed.. maybe just using licensed (legally acquired by the performer or customer, by the way, there may be an open source for the implementation of "GOST") products (libraries) will be sufficient..
..here you need to be careful look at the situation .. perhaps with the advice of a lawyer

R
res2001, 2018-03-17
@res2001

In my opinion, in your case, no license is required.
In general, the crypto legislation has already been well developed, find out the numbers of the current federal laws on the specialized forums and read, everything is quite clear there.
But if you suddenly decide to embed a crypto library certified in the Russian Federation, then you will need it.

A
aderes, 2018-03-19
@de-iure

Read here, everything is available: www.consultant.ru/document/cons_doc_LAW_128739/1aa...
There has already been a similar topic... it is not a product (software, algorithm, method) that is licensed, but an activity.
The regulation determines the procedure for licensing:
1) development activities,
1.1) production,
1.2) distribution of encryption (cryptographic) tools, information systems and telecommunications systems protected using encryption (cryptographic) tools,
2) performance of work, provision of services in the field of information encryption ,
3) maintenance of encryption (cryptographic) means, information systems and telecommunication systems protected using encryption (cryptographic) means (except for the case when the maintenance of encryption (cryptographic) means, information systems and telecommunication systems protected using encryption (cryptographic) ) funds carried out to meet the own needs of a legal entity or an individual entrepreneur), carried out by legal entities and individual entrepreneurs.
Freelancing is not for your own needs. Since you are using a well-known cryptographic algorithm, therefore, you are developing it and not producing it, but are going to distribute it (clause 1.2). With regard to points 2 and 3, it is necessary to analyze the activity in more detail, these are no longer suggestive answers to the form, but the specific work of a lawyer.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question