A policy for cryptographic operations.
Returns an error if the signature violates the policy.
This function performs the last check before the library decides that a signature is valid. That is, after the library has determined that the signature is well-formed, alive, not revoked, etc., it calls this function to allow you to implement any additional policy. For instance, you may reject signatures that make use of cryptographically insecure algorithms like SHA-1.
Note: Whereas it is generally better to reject suspicious signatures, one should be more liberal when considering revocations: if you reject a revocation certificate, it may inadvertently make something else valid!
fn key(&self, _ka: &ValidKeyAmalgamation<PublicParts>) -> Result<()>
Returns an error if the key violates the policy.
This function performs one of the last checks before a
KeyAmalgamation or a related data structures is turned into
ValidKeyAmalgamation, or similar.
Internally, the library always does this before using a key.
The sole exception is when creating a key using
In that case, the primary key is not validated before it is
used to create any binding signatures.
Thus, you can prevent keys that make use of insecure algoriths, don't have a sufficiently high security margin (e.g., 1024-bit RSA keys), are on a bad list, etc. from being used here.