Learning OpenPGP by example

Seth Hardy

The goal of this talk is to help demystify some of the internals of the OpenPGP standard, through example, so that others can learn from and hopefully continue the process. The current (free) open source implementations of the OpenPGP standard are easily better than many commercial solutions, as well as more readily supported. To do this, I will show off a number of the OpenPGP-based projects I've been working on lately, including: subliminally leaking keys in digital signatures; vanity key generation; extending the web of trust to ssh host keys; and maybe even some attacks against the keyserver network that I'll later regret showing off code for.