Stronger encryption from U.S. companies should soon be widely available as the federal government begins to approve export licenses for companies that comply with its new encryption export rules.
A third company, Trusted Information Systems, effectively had approval before January 1 because of its existing key recovery technology.
The new rules, which went into effect January 1, state that 56-bit encryption can be exported only if the company agrees to participate in a key storage system, such as key recovery, that gives the government court-ordered access to data. If a firm doesn't agree to the key storage conditions, the limit for export is 40-bit algorithms, which are relatively easy to crack.
The government will review all licenses every six months. Cylink's license is based on the company's CyKey key-recovery technology. CyKey allows users to unscramble encrypted data even if the key, or code, is lost or unavailable.
CyKey will be optional on all Cylink network security products sold in the United States and Canada but mandatory for products shipped elsewhere.
Digital said it will immediately export 56-bit encryption for its OpenVMS operating systems and for its wireless LAN security product. A 56-bit export version of AltaVista Tunnel, virtual private network software, will follow this year.
Cylink applied for a license on January 2 and has just received approval, Cylink officials said. "It had to be approved by the FBI, NSA, and the Commerce Committee, so that's pretty quick," company spokeswoman Paula Dunne said.
Under the old rules, which gave the State Department jurisdiction over encryption export licenses, software companies complained that the approval process was unacceptably long.
Cylink has two years to make CyKey available in its products or else its license will be revoked. Products with CyKey will start shipping in the third or fourth quarter, Dunne said.