I couldn't find anything about the export classification of KiXtart. No ECCN number or any other related information. How am I supposed to know if I'm breaking US law by using the software within a product that is shipped to different countries?

KiXtart is not an open source software, so I can't check if it contains functions that may be subject to the EAR.

Ussually there are some basic rules which can be followed to conclude the ECCN of a software:

1) Was the software developed by a US citizen or in the USA?
2) Does it contain any kind of encryption/decryption functionality besides
- Authentication
- Hashing

Software that doesn't apply to 1) is not subject to EAR and can be classified as ECCN = N. If it apllies to 1) but not to 2), it can be classified as ECCN = EAR99.
If 1) and 2) apply, the supported encryption depth is essential.

x<64 bit depth and symetcric encryption algorith => ECCN = 5D992
x<256 bit depth and asymetcric encryption algorith => ECCN = 5D992
else ECCN = 5D002

I hope sombody can help me to find the correct classification number for KiXtart. Maybe there are also other people or companies who need to know this too?

With best regards