[−][src]Module sequoia_openpgp::policy
A mechanism to specify policy.
A major goal of the Sequoia OpenPGP crate is to be policy free. However, many mid-level operations build on low-level primitives. For instance, finding a certificate's primary User ID means examining each of its User IDs and their current self-signature. Some algorithms are considered broken (e.g., MD5) and some are considered weak (e.g. SHA-1). When dealing with data from an untrusted source, for instance, callers will often prefer to ignore signatures that rely on these algorithms even though RFC 4880 says that "[i]mplementations MUST implement SHA-1." When trying to decrypt old archives, however, users probably don't want to ignore keys using MD5, even though RFC 4880 deprecates MD5.
Rather than not provide this mid-level functionality, the Policy
trait allows callers to specify their prefer policy. This can be
highly customized by providing a custom implementation of the
Policy
trait, or it can be slightly refined by tweaking the
StandardPolicy
's parameters.
When implementing the Policy
trait, it is essential that the
functions are [idempotent]. That is, if the same Policy
is used
to determine whether a given Signature
is valid, it must always
return the same value.
Structs
NullPolicy | The Null Policy. |
StandardPolicy | The standard policy. |
Enums
AsymmetricAlgorithm | Asymmetric encryption algorithms. |
Traits
Policy | A policy for cryptographic operations. |