GET /congress/2025/event/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b/?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": "e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b",
"kind": "official",
"name": "To sign or not to sign: Practical vulnerabilities in GPG & friends",
"slug": "to-sign-or-not-to-sign-practical-vulnerabilities-i",
"url": "https://api.events.ccc.de/congress/2025/event/e448ef16-47cf-57ad-9fbd-a5f91aa4aa3b/?format=api",
"track": "security",
"assembly": "ccc",
"room": "ba692ba3-421b-5371-8309-60acc34a3c05",
"location": null,
"language": "en",
"description": "Beyond the underlying mathematics of cryptographic algorithms, there is a whole other layer of implementation code, assigning meaning to the processed data. For example, a signature verification operation both needs robust cryptography **and** assurance that the verified data is indeed the same as was passed into the signing operation. To facilitate the second part, software such as *GnuPG* implement parsing and processing code of a standardized format. Especially when implementing a feature rich and evolving standard, there is the risk of ambivalent specification, and classical implementation bugs.\r\n\r\nThe impact of the vulnerabilities we found reaches from various signature verification bypasses, breaking encryption in transit and encryption at rest, undermining key signatures, to exploitable memory corruption vulnerabilities.",
"schedule_start": "2025-12-27T17:15:00+01:00",
"schedule_duration": "01:00:00",
"schedule_end": "2025-12-27T18:15:00+01:00"
}