# File ../../auditor/lib/kasp_checker.rb, line 515
    def check_key(key, type, policy, kasp_file, denial_type)
      #   7. The algorithm should be checked to ensure it is consistent with the NSEC/NSEC3 choice for the zone.
      alg = key.elements['Algorithm'].text
      if (denial_type == "NSEC3")
        # Check correct algorithm used for NSEC3
        if (!(["6","7","8","10"].include?alg))
          log(LOG_ERR, "In policy #{policy}, incompatible algorithm (#{alg}) used for #{type} NSEC3" +
              " in #{kasp_file} - should be 6,7,8 or 10")
        end
      end

      #   9. The key strength should be checked for sanity - warn if less than 1024 or more than 4096
      begin
        key_length = key.elements['Algorithm'].attributes['length'].to_i
        if (key_length < 1024)
          log(LOG_WARNING, "Key length of #{key_length} used for #{type} in #{policy}"+
              " policy in #{kasp_file}. Should probably be 1024 or more")
        elsif (key_length > 4096)
          log(LOG_WARNING, "Key length of #{key_length} used for #{type} in #{policy}"+
              " policy in #{kasp_file}. Should probably be 4096 or less")
        end
      rescue Exception
        # Fine - this is an optional element
      end

      #  10. Check that repositories listed in the KSK and ZSK sections are defined in conf.xml.
      repository = key.elements['Repository'].text
      if (!@repositories.keys.include?repository)
        log(LOG_ERR, "Unknown repository (#{repository}) defined for #{type} in"+
            " #{policy} policy in #{kasp_file}")
      end
    end