Encryption & Export Compliance
Last updated: 14 June 2026
Fyles uses strong, standard, publicly-published cryptography to protect file transfers between devices. This page documents the cryptography it contains and its classification under United States export-control law (the Export Administration Regulations, “EAR”).
Summary
- Fyles uses encryption for the security of its own peer-to-peer communications.
- All algorithms are standard, published primitives — there is no proprietary or “home-grown” cryptographic algorithm.
- Self-classification: ECCN 5D002 (and corresponding 5D992 for the mass-market form), eligible for License Exception ENC.
- Because the app implements encryption beyond what the operating system provides and beyond mere authentication, it is not exempt from the relevant encryption reporting/notification requirements.
Cryptography inventory
| Purpose | Algorithm | Notes |
|---|---|---|
| Authenticated symmetric encryption (session confidentiality) | ChaCha20-Poly1305 (AEAD) | 256-bit key; encrypts all peer-to-peer session traffic |
| Key agreement (classical) | X25519 (ECDH on Curve25519) | Ephemeral per session |
| Key encapsulation (post-quantum) | ML-KEM / Kyber-1024 | NIST-standardised; combined with X25519 in a hybrid scheme |
| Digital signatures (classical) | Ed25519 (EdDSA) | Identity authentication of session messages |
| Digital signatures (post-quantum) | ML-DSA / Dilithium-5 | NIST-standardised; combined with Ed25519 in a hybrid scheme |
| Key derivation | HKDF-SHA256 | Derives the session key from the hybrid shared secret |
| Hashing | SHA-256 | Used by HKDF and internal validation |
| Transport security | Noise protocol (via libp2p) | Link-level security beneath the application’s own session layer |
The cryptographic primitives are provided by well-known open-source libraries (the RustCrypto and PQClean/PQCrypto projects and the libp2p networking stack).
US export classification (EAR)
Fyles is a mass-market application whose primary function is file sharing, secured by the encryption described above. We self-classify the software under ECCN 5D002 (encryption software), using License Exception ENC under 15 CFR § 740.17. The encryption serves the app’s own communications security and uses only standard published algorithms.
Apple App Store export-compliance answer
For Apple App Store submissions, Fyles answers “Yes” to “Does your app
use encryption?”, and — because it implements its own encryption rather than relying
only on the operating system, and is not limited to authentication — answers that it
uses non-exempt encryption. The relevant
ITSAppUsesNonExemptEncryption declaration is set accordingly.
This page documents our good-faith self-classification for transparency. It is not legal advice and it does not by itself satisfy any government filing obligation (such as an annual self-classification report to the U.S. Bureau of Industry and Security). Export-control obligations should be confirmed with qualified counsel before distribution.