{"guid":"e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","title":"To sign or not to sign: Practical vulnerabilities in GPG \u0026 friends","subtitle":null,"slug":"39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i","link":"https://events.ccc.de/congress/2025/hub/event/detail/to-sign-or-not-to-sign-practical-vulnerabilities-i","description":"Might contain zerodays. https://gpg.fail/\n\nFrom secure communications to software updates: PGP implementations such as *GnuPG* are ubiquitously relied on to provide cryptographic assurances. Many applications from secure communications to software updates fundamentally rely on these utilities.\nSince these have been developed for decades, one might expect mature codebases, a multitude of code audit reports, and extensive continuous testing.\nWhen looking into various PGP-related codebases for some personal use cases, we found these expectations not met, and discovered multiple vulnerabilities in cryptographic utilities, namely in *GnuPG*, *Sequoia PGP*, *age*, and *minisign*.\nThe vulnerabilities have implementation bugs at their core, for example in parsing code, rather than bugs in the mathematics of the cryptography itself. A vulnerability in a parser could for example lead to confusion about what data was actually signed, allowing attackers without the private key of the signer to swap the plaintext. As we initially did not start with the intent of conducting security research, but rather were looking into understanding some internals of key management and signatures for personal use, we also discuss the process of uncovering these bugs. Furthermore, we touch on the role of the OpenPGP specification, and the disclosure process.\n\nBeyond the underlying mathematics of cryptographic algorithms, there is a whole other layer of implementation code, assigning meaning to the processed data. For example, a signature verification operation both needs robust cryptography **and** assurance that the verified data is indeed the same as was passed into the signing operation. To facilitate the second part, software such as *GnuPG* implements parsing and processing code for a standardized format. Especially when implementing a feature-rich and evolving standard, there is the risk of ambiguous specification and of classical implementation bugs.\n\nThe impact of the vulnerabilities we found ranges from various signature verification bypasses, breaking encryption in transit and encryption at rest, and undermining key signatures, to exploitable memory corruption vulnerabilities.\n\nLicensed to the public under http://creativecommons.org/licenses/by/4.0","original_language":"eng","persons":["49016","Liam"],"tags":["1854","2025","39c3","Security","One","39c3-eng","39c3-deu","39c3-fra","Day 1"],"view_count":80564,"promoted":false,"date":"2025-12-27T17:15:00.000+01:00","release_date":"2025-12-27T00:00:00.000+01:00","updated_at":"2026-04-09T21:00:04.823+02:00","length":2939,"duration":2939,"thumb_url":"https://static.media.ccc.de/media/congress/2025/1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b.jpg","poster_url":"https://static.media.ccc.de/media/congress/2025/1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2025/1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2025/1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i","url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_title":"39C3: Power Cycles","conference_url":"https://api.media.ccc.de/public/conferences/39c3","related":[],"recordings":[{"size":395,"length":2939,"mime_type":"video/webm;codecs=av01","language":"eng-deu-fra","filename":"39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_av1-hd.webm","state":"new","folder":"av1-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-12-27T20:04:47.534+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/av1-hd/39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_av1-hd.webm","url":"https://api.media.ccc.de/public/recordings/93974","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":null,"length":null,"mime_type":"text/vtt","language":"eng","filename":"1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b-eng.vtt","state":"auto","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2025-12-30T01:24:06.957+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/1854-e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b-eng.vtt","url":"https://api.media.ccc.de/public/recordings/95317","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":44,"length":2939,"mime_type":"audio/mpeg","language":"eng","filename":"39c3-1854-eng-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2025-12-28T19:53:24.358+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/mp3/39c3-1854-eng-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/93929","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":204,"length":2939,"mime_type":"video/webm","language":"eng-deu-fra","filename":"39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-12-27T20:02:47.358+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/webm-sd/39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/93973","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":440,"length":2939,"mime_type":"video/webm","language":"eng-deu-fra","filename":"39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-12-27T19:55:21.935+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/webm-hd/39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/93971","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":206,"length":2939,"mime_type":"video/mp4","language":"eng-deu-fra","filename":"39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-12-27T19:38:14.559+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/h264-sd/39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_sd.mp4","url":"https://api.media.ccc.de/public/recordings/93939","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":30,"length":2939,"mime_type":"audio/opus","language":"eng","filename":"39c3-1854-eng-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2025-12-28T19:57:26.053+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/opus/39c3-1854-eng-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_opus.opus","url":"https://api.media.ccc.de/public/recordings/93928","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":44,"length":2939,"mime_type":"audio/mpeg","language":"deu","filename":"39c3-1854-deu-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_mp3-2.mp3","state":"new","folder":"mp3-translated","high_quality":false,"width":0,"height":0,"updated_at":"2025-12-27T19:35:13.299+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/mp3-translated/39c3-1854-deu-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_mp3-2.mp3","url":"https://api.media.ccc.de/public/recordings/93927","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":31,"length":2939,"mime_type":"audio/opus","language":"deu","filename":"39c3-1854-deu-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_opus-2.opus","state":"new","folder":"opus-translation","high_quality":false,"width":0,"height":0,"updated_at":"2025-12-27T19:35:09.062+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/opus-translation/39c3-1854-deu-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_opus-2.opus","url":"https://api.media.ccc.de/public/recordings/93926","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":628,"length":2939,"mime_type":"video/mp4","language":"eng-deu-fra","filename":"39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-12-27T19:33:34.767+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/h264-hd/39c3-1854-eng-deu-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends_hd.mp4","url":"https://api.media.ccc.de/public/recordings/93910","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":413,"length":2939,"mime_type":"video/mp4","language":"fra","filename":"39c3-1854-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-12-27T19:33:21.718+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/h264-hd/39c3-1854-fra-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends.mp4","url":"https://api.media.ccc.de/public/recordings/93909","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":413,"length":2939,"mime_type":"video/mp4","language":"deu","filename":"39c3-1854-deu-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-12-27T19:33:10.943+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/h264-hd/39c3-1854-deu-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends.mp4","url":"https://api.media.ccc.de/public/recordings/93908","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"},{"size":414,"length":2939,"mime_type":"video/mp4","language":"eng","filename":"39c3-1854-eng-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-12-27T19:33:00.104+01:00","recording_url":"https://cdn.media.ccc.de/congress/2025/h264-hd/39c3-1854-eng-To_sign_or_not_to_sign_Practical_vulnerabilities_in_GPG_friends.mp4","url":"https://api.media.ccc.de/public/recordings/93907","event_url":"https://api.media.ccc.de/public/events/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b","conference_url":"https://api.media.ccc.de/public/conferences/39c3"}]}