Or, more precisely, software that makes use of the
Legion of the Bouncy Castle's crypto APIs.
I am starting to broadly sketch architecture on a software solution that needs to make use of RSA-based public-keys encryption and OpenPGP. Wanting to avoid the GPL, I am looking very closely at the Bouncy Castle provider and optional library for OpenPGP, since I already have used it in the past, and it is under a more flexible MIT-like licensing scheme. However, my customer in Japan (I'm in Japan, too) is very hesitant to use strong encryption due to the Japanese government cracking down on export of anything that may have military applications, just like ITAR in the US (
article on Yamaha in China).
My understanding on BouncyCastle is that, since it is an Australian product, I should not be bound by any export restrictions, whether I am creating my software in the US or Japan.
Secondly, since BouncyCastle is free and open software clearly in the public domain, this should exempt me from normal export restrictions on strong encryption.
I am not a lawyer, and I don't know if any TechHui-ans actually are, but if anyone has any experience in exporting software that makes use of strong encryption, I would love to hear your thoughts on this.