To sign or not to sign: Practical vulnerabilities in GPG and friends · HackerTrans