Sending Sensitive Information to the CERT/CC
We strongly urge you to encrypt sensitive information to protect it from being viewed by unintended recipients. We can exchange email with you using PGP or GPG, which you can obtain from a variety of sources.
Those unable to use PGP/GPG to securely exchange information with the CERT Coordination Center should contact us via the CERT hotline (+1 412-268-7090) on weekdays between 8:30 and 17:00 (EST - GMT-5, EDT - GMT-4) to arrange an alternate method for secure communication (alternative encryption methods, STE/STU telephones, secure fax, etc.).
We also encourage you to check our PGP signature on email and documents to ensure that they were indeed written by our staff and have not been altered.
PGPAs a good security practice, users should be sure to validate PGP keys they receive and not trust unvalidated keys. In the past, forged CERT PGP keys have been created and uploaded to public keyservers. It is important to validate your copy of the CERT PGP public key to insure it is legitimate.
Obtaining GnuPG or PGPGnuPG
Gnu Privacy Guard offers an OpenPGP-compliant application that is freely available. You may obtain GPG software from GnuPG's distribution site:
This site provides details for the most appropriate software based on your operating system. Please note that the "version compiled for MS-Windows is a command line version and comes with a graphical installer tool."
Graphical user interfaces to GnuPG are available via Gpg4win (note that Gpg4win also includes GnuPG):
PGP Corporation offers a range of products, including PGP Desktop, which may be obtained for a free 30-day trial period. You may obtain the software from PGP Corporation's download page:
Last updated July 25, 2013