Export Control

Cryptographic Algorithms

Fialka implements the following strong cryptographic primitives:

• AES-256-GCM (symmetric encryption)
• ChaCha20-Poly1305 (symmetric encryption, stream)
• X25519 (Elliptic Curve Diffie–Hellman key exchange)
• Ed25519 (digital signatures)
• ML-KEM-1024 (post-quantum key encapsulation, FIPS 203)
• ML-DSA-44 (post-quantum signatures, FIPS 204)
• BLAKE3 / SHA3-256 (cryptographic hashing)
• HKDF (key derivation)
• Double Ratchet + PQXDH (forward-secret messaging protocol)

The cryptographic core is provided by Fialka-Core, a Rust library included in this project under GPLv3.

United States — EAR (Export Administration Regulations)

Fialka is published as publicly available open-source software. Under 15 CFR § 740.13(e) of the Export Administration Regulations, cryptographic source code that is publicly available and meets certain criteria is eligible for the TSU exception (Technology and Software — Unrestricted).

Key conditions met by this project:

• Source code is publicly available on GitHub (no access controls)
• The project is not developed for or by a U.S. person for commercial sale
• No encryption review request (ERN) has been submitted (not required under TSU for open-source)

Disclaimer: This is not legal advice. EAR classification may depend on factors specific to your use. Consult legal counsel if exporting for commercial purposes.

European Union — Dual-Use Regulation

Cryptographic software may be subject to EU dual-use controls under Council Regulation (EC) No 428/2009 (as amended). Category 5 Part 2 covers information security products.

However, an exemption applies under Note 3 (the "Mass Market" / "publicly available" exemption) for cryptographic software that is:

• Available to the public without restriction
• Not designed for a specific application that would trigger controls
• Not subject to export restrictions by the developer

Fialka satisfies these conditions as a freely available open-source application.

Note: EU regulations and interpretations vary by member state. Check with your national authority (e.g., ANSSI in France, BAFA in Germany) if in doubt.

France — Déclaration ANSSI

En France, les produits et services de cryptologie sont soumis aux articles 29 à 41 de la loi n° 2004-575 du 21 juin 2004 (LCEN) et au décret n° 2007-663 du 2 mai 2007. L'utilisation de la cryptologie est libre depuis la loi de 1999. La fourniture, l'importation ou l'exportation peuvent nécessiter une déclaration ou une autorisation auprès de l'ANSSI.

Fialka est un logiciel open-source à vocation non commerciale, distribué librement. L'ANSSI a défini des régimes simplifiés pour ce type de logiciel. Consultez le site ssi.gouv.fr pour les procédures applicables.

Restricted Parties & Embargoed Destinations

Fialka must not be downloaded, used, or distributed in violation of applicable sanctions or in connection with:

• Parties on U.S. OFAC Specially Designated Nationals (SDN) list
• Parties on the EU Consolidated Financial Sanctions List
• Countries subject to comprehensive U.S. embargoes (currently: Cuba, Iran, North Korea, Syria, Russia-controlled regions of Ukraine)

By downloading or using Fialka, you represent that you are not on any restricted party list and are not located in an embargoed jurisdiction.

Your Responsibilities

The Fialka project and its contributors do not accept responsibility for your compliance with export control laws. By downloading, using, or distributing Fialka you agree that:

• You have determined whether export authorization is required in your jurisdiction
• You will comply with all applicable export control laws and regulations
• You will not export or re-export Fialka in violation of any applicable law