The current confusion (CI No 3,072) over encryption export is looking worse, with the announcement of RSA Data Security Inc’s Java Security Toolkit, which will not be available for international launch unless changes of US cryptography export legislation are made. RSA, a subsidiary of Security Dynamics Technologies Inc, is developing the JSAFE toolkit, for the development of Java based electronic commerce applications, using public key encryption to enable privacy and authentication and incorporating Secure Sockets Layer, and Secure Electronic Transaction technologies. The Toolkit offers the developer the opportunity to set public key encryption to ‘n’ bit length, meaning a non-US developer would be able to develop applications that had up to 128bit encryption. RSA admits that this won’t wash with the US Department of Commerce, but is loath to hard code 40bit encryption power into the software as this would negate the flexibility of the toolkit. Instead, it has decided not to launch the product worldwide, hoping for changes in the export regulations before their scheduled US launch in the summer. The JSAFE toolkit is designed for the Java Development Kit 1.1 from JavaSoft Inc. But by the time RSA launches JSAFE, JDK 1.2 will have been released. Although JavaSoft says there will be no incompatibilities between JDK1.2 and JSAFE, it will not reveal JDK1.2’s encryption capability.
