At time of writing, only certain key types are permitted: 2048-bit RSA keys and Ed25519. The protocol is expensible to any other public key algorithm.
Elliptic curve cryptography is by no means perfectly secure. It can be defeated if the verifier does not verify that the public key falls on the correct curve. As such, please verify that the signature that comes in a payload is indeed on the specified curve.