The software was classed as munitions and one needed an arms dealer’s license to publish it, including online. The creator of PGP published the full source code as a book, as these are covered under first amendment rights.
The software was classed as munitions and one needed an arms dealer’s license to publish it, including online. The creator of PGP published the full source code as a book, as these are covered under first amendment rights.
An annoyance that came shortly after was that they were not allowed to ship the Java Runtime Environment / Development Kit with a javax.crypto library that allowed for algorithms stronger than DES (such as AES, Twofish, Blowfish, …), or long passwords, iirc.
There was some way to download something extra (Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files) and fiddle it in, but with regulation in the US, I think.
I was quite sad when I made one of my early programs based on that and it turned out to be useless to US citizens, and hard to use for everyone else. I think I made a bouncycastle-based version later, but it was basically a full rewrite.
Edit: I’m starting to remember more absurdities of the time: Even with the JCE, the best algorithm for symmetric encryption was 3DES, which was not a legal requirement, just laziness of Sun Microsystems. While it was somewhat safe, it was less than ideal and really slow.
Fun fact, Google pay and other “modern” payment processors still had to use 3DES until 2020 at least (might still do, I got out of the industry).