[][src]Module sequoia_openpgp::policy

A mechanism to specify policy.

A major goal of the Sequoia OpenPGP crate is to be policy free. However, many mid-level operations build on low-level primitives. For instance, finding a certificate's primary User ID means examining each of its User IDs and their current self-signature. Some algorithms are considered broken (e.g., MD5) and some are considered weak (e.g. SHA-1). When dealing with data from an untrusted source, for instance, callers will often prefer to ignore signatures that rely on these algorithms even though RFC 4880 says that "[i]mplementations MUST implement SHA-1." When trying to decrypt old archives, however, users probably don't want to ignore keys using MD5, even though RFC 4880 deprecates MD5.

Rather than not provide this mid-level functionality, the Policy trait allows callers to specify their prefer policy. This can be highly customized by providing a custom implementation of the Policy trait, or it can be slightly refined by tweaking the StandardPolicy's parameters.

When implementing the Policy trait, it is essential that the functions are [idempotent]. That is, if the same Policy is used to determine whether a given Signature is valid, it must always return the same value.



The Null Policy.


The standard policy.



Asymmetric encryption algorithms.



A policy for cryptographic operations.