This talk will focus on one reason why it's extremely important to verify the trustworthiness of your encryption programs. A number of papers about a subliminal channel in the Digital Signature Algorithm (DSA) used by the United States Digital Signature Standard were published more than ten years ago. This channel allows for undetectable communication via digital signatures. The subliminal channel is generally viewed as a method of legitimate but hidden communication, but it can also be used for leaking secret information (such as keys) in an undetectable way to anyone who knows what to look for. This presentation will show how this subliminal channel works and demonstrate, using a patched version of the GNU Privacy Guard, how to use it for both benign and malicious purposes: legitimate communication using the subliminal channel, and leaking secret keys with each signature.