I received a phone call today from a lady with the U.S. Bureau
of Export Administration (BXA) who'd read my AEScrypt page (the URL of
which I'd submitted to them for an export license exemption as
required by U.S. export regulations, see crypto.com for more info). aescrypt is
of course Open Source. She wished to remind me that any application
built using Open Source encryption components had to also be
submitted to the BXA for the proper export license or license
exemption if the application was to be exported. The export license
for the component covers only the component, not applications that
use the component. The fact that the component itself is Open
Source and thus may be freely exported does not matter.
Hopefully this reminder will prevent problems on the part of
those who use AEScrypt or other Open Source encryption components
as part of a larger application.