Module verifier 

Pin verification (protocol v2).

The default Verifier accepts only v2 pins. LegacyV1Verifier is an opt-in migration aid that additionally accepts v1 pins by dispatching them to the legacy canonicalization in crate::attestation::legacy_v1.

VerifyError mirrors the failure-mode set in spec §5 so callers can route distinct outcomes (forgery, tamper, mismatch, parse error) to different handlers.

Structs

KeyEntry

A registered public key plus an optional validity window (§7).

LegacyV1Verifier

Verifier that additionally accepts protocol-v1 pins via legacy canonicalization. Opt-in per spec §5 step 1.

Verifier

Holds the public-key registry and runs pin verification against supplied ground truth.

VerifyOptions

Optional caller-supplied ground truth and replay-protection IDs.

Enums

VerifyError

Distinct verification failure modes (spec §5).