LetsEncryptCPS encodes the five key algorithms and sizes allowed by the Let's Encrypt CPS CV-SSL Subscriber Certificate Profile: RSA 2048, RSA 3076, RSA 4096, ECDSA 256 and ECDSA P384.

NewPolicy returns a key policy based on the given configuration, with sane defaults.

ErrBadKey represents an error with a key.

AllowedKeys is a map of six specific key algorithm and size combinations to booleans indicating whether keys of that type are considered good.

KeyPolicy determines which types of key may be used with various boulder operations.

BlockedKeyCheckFunc is used to pass in the sa.BlockedKey functionality to KeyPolicy, rather than storing a full sa.SQLStorageAuthority.