Trait sequoia_openpgp::policy::Policy

pub trait Policy: Debug + Send + Sync {
    // Provided methods
    fn signature(&self, _sig: &Signature, _sec: HashAlgoSecurity) -> Result<()> { ... }
    fn key(
        &self,
        _ka: &ValidErasedKeyAmalgamation<'_, PublicParts>,
    ) -> Result<()> { ... }
    fn symmetric_algorithm(&self, _algo: SymmetricAlgorithm) -> Result<()> { ... }
    fn aead_algorithm(&self, _algo: AEADAlgorithm) -> Result<()> { ... }
    fn packet(&self, _packet: &Packet) -> Result<()> { ... }
}

A policy for cryptographic operations.

Provided Methods


fn signature(&self, _sig: &Signature, _sec: HashAlgoSecurity) -> Result<()>

Returns an error if the signature violates the policy.

This function performs the last check before the library decides that a signature is valid. That is, after the library has determined that the signature is well-formed, alive, not revoked, etc., it calls this function to allow you to implement any additional policy. For instance, you may reject signatures that make use of cryptographically insecure algorithms like SHA-1.

Note: Whereas it is generally better to reject suspicious signatures, one should be more liberal when considering revocations: if you reject a revocation certificate, it may inadvertently make something else valid!


fn key(&self, _ka: &ValidErasedKeyAmalgamation<'_, PublicParts>) -> Result<()>

Returns an error if the key violates the policy.

This function performs one of the last checks before a KeyAmalgamation or a related data structure is turned into a ValidKeyAmalgamation, or similar.

Internally, the library always does this before using a key. The sole exception is when creating a key using CertBuilder. In that case, the primary key is not validated before it is used to create any binding signatures.

Thus, this is the place to prevent the use of keys that rely on insecure algorithms, lack a sufficient security margin (e.g., 1024-bit RSA keys), appear on a block list, etc.

If you implement this function, make sure to consider the Key Derivation Function and Key Encapsulation parameters of ECDH keys, see PublicKey::ECDH.


fn symmetric_algorithm(&self, _algo: SymmetricAlgorithm) -> Result<()>

Returns an error if the symmetric encryption algorithm violates the policy.

This function performs the last check before an encryption container is decrypted by the streaming decryptor.

With this function, you can prevent the use of insecure symmetric encryption algorithms.


fn aead_algorithm(&self, _algo: AEADAlgorithm) -> Result<()>

Returns an error if the AEAD mode violates the policy.

This function performs the last check before an encryption container is decrypted by the streaming decryptor.

With this function, you can prevent the use of insecure AEAD constructions.

This feature is experimental.


fn packet(&self, _packet: &Packet) -> Result<()>

Returns an error if the packet violates the policy.

This function performs the last check before a packet is considered by the streaming verifier and decryptor.

With this function, you can prevent the use of insecure encryption containers, notably the Symmetrically Encrypted Data Packet, which carries no integrity protection.
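The following is an added example, not code from Sequoia, of a hardened policy in the shape of this trait that covers all five methods above: it rejects SHA-1 signatures except on revocations (the leniency the signature note asks for), rejects short RSA keys and checks the KDF hash and KEK cipher of ECDH keys, restricts symmetric ciphers to AES, and refuses the Symmetrically Encrypted Data Packet. The types Signature, SignatureType, HashAlgorithm, HashAlgoSecurity, PublicKey, SymmetricAlgorithm, AEADAlgorithm and Packet here are local stand-ins for the sequoia_openpgp types of those names, reduced to the variants the example needs, and the key method takes the public key material directly rather than a ValidErasedKeyAmalgamation, so the file compiles without the crate; the decision logic is what an implementation against the real trait would carry.

```rust
// Added example: a hardened policy with the method shape of
// sequoia_openpgp::policy::Policy. All types below are local stand-ins
// for the sequoia types of the same name (assumption: reduced variant sets).
use std::fmt::Debug;

// Stand-in for sequoia's anyhow-based Result.
type Result<T> = std::result::Result<T, String>;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum HashAlgorithm { MD5, SHA1, SHA256, SHA512 }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum SignatureType {
    Binary, GenericCertification, SubkeyBinding,
    KeyRevocation, SubkeyRevocation, CertificationRevocation,
}

/// Which property of the hash the caller relies on for this signature.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum HashAlgoSecurity { SecondPreImageResistance, CollisionResistance }

#[derive(Debug)]
pub struct Signature { pub typ: SignatureType, pub hash_algo: HashAlgorithm }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum SymmetricAlgorithm { IDEA, TripleDES, CAST5, AES128, AES256 }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum AEADAlgorithm { EAX, OCB }

/// Public key material as it would be reached through a key amalgamation.
#[derive(Debug)]
pub enum PublicKey {
    RSA { bits: usize },
    DSA { bits: usize },
    ECDH { kdf_hash: HashAlgorithm, kek: SymmetricAlgorithm },
    EdDSA,
}

#[derive(Debug)]
pub enum Packet { SED, SEIP, AED, Other }

/// Same shape as the trait on this page: every method is provided and accepts.
pub trait Policy: Debug + Send + Sync {
    fn signature(&self, _sig: &Signature, _sec: HashAlgoSecurity) -> Result<()> { Ok(()) }
    fn key(&self, _key: &PublicKey) -> Result<()> { Ok(()) }
    fn symmetric_algorithm(&self, _algo: SymmetricAlgorithm) -> Result<()> { Ok(()) }
    fn aead_algorithm(&self, _algo: AEADAlgorithm) -> Result<()> { Ok(()) }
    fn packet(&self, _packet: &Packet) -> Result<()> { Ok(()) }
}

#[derive(Debug, Default)]
pub struct HardenedPolicy;

fn is_revocation(t: SignatureType) -> bool {
    matches!(t, SignatureType::KeyRevocation
        | SignatureType::SubkeyRevocation
        | SignatureType::CertificationRevocation)
}

impl Policy for HardenedPolicy {
    fn signature(&self, sig: &Signature, sec: HashAlgoSecurity) -> Result<()> {
        match (sig.hash_algo, sec) {
            (HashAlgorithm::MD5, _) => Err("MD5 is broken".into()),
            // Rejecting a revocation can make something else valid again, so
            // SHA-1 revocations are tolerated; the worst case is an extra revocation.
            (HashAlgorithm::SHA1, _) if is_revocation(sig.typ) => Ok(()),
            // SHA-1 collisions are practical: never rely on it where the signed
            // data may be attacker-influenced (certifications, data signatures).
            (HashAlgorithm::SHA1, HashAlgoSecurity::CollisionResistance) =>
                Err("SHA-1 lacks collision resistance".into()),
            // Second-preimage resistance is weaker to break, but the margin is
            // gone; a hardened policy rejects it too.
            (HashAlgorithm::SHA1, HashAlgoSecurity::SecondPreImageResistance) =>
                Err(format!("SHA-1 no longer accepted for {:?}", sig.typ)),
            _ => Ok(()),
        }
    }

    fn key(&self, key: &PublicKey) -> Result<()> {
        match key {
            PublicKey::RSA { bits } if *bits < 2048 =>
                Err(format!("RSA-{} is below the 2048-bit margin", bits)),
            PublicKey::DSA { .. } => Err("DSA keys are not accepted".into()),
            // ECDH keys carry their own KDF hash and KEK cipher; check both.
            PublicKey::ECDH { kdf_hash, kek } => {
                if matches!(kdf_hash, HashAlgorithm::MD5 | HashAlgorithm::SHA1) {
                    return Err(format!("ECDH KDF uses {:?}", kdf_hash));
                }
                self.symmetric_algorithm(*kek)
            }
            _ => Ok(()),
        }
    }

    fn symmetric_algorithm(&self, algo: SymmetricAlgorithm) -> Result<()> {
        match algo {
            SymmetricAlgorithm::AES128 | SymmetricAlgorithm::AES256 => Ok(()),
            other => Err(format!("{:?} is not accepted", other)),
        }
    }

    fn packet(&self, packet: &Packet) -> Result<()> {
        match packet {
            // SED has no integrity protection, so ciphertext can be manipulated.
            Packet::SED => Err("Symmetrically Encrypted Data packet refused".into()),
            _ => Ok(()),
        }
    }
}

fn main() {
    let p = HardenedPolicy;
    let sig = Signature { typ: SignatureType::Binary, hash_algo: HashAlgorithm::SHA1 };
    println!("{:?}", p.signature(&sig, HashAlgoSecurity::CollisionResistance));
    println!("{:?}", p.key(&PublicKey::RSA { bits: 1024 }));
}
```

With the real crate the same decisions are made from `sig.hash_algo()` and `sig.typ()` on the Signature, and from the key's algorithm and MPIs on the amalgamation; the ECDH branch is the check the key method's note about KDF and KEK parameters refers to.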

Implementors