CERT
 
Publications Catalog Historical Documents CERT Contact Information Meet CERT Employment Opportunities
 

Sending Sensitive Information to CERT

We strongly urge you to encrypt sensitive information to protect it from being viewed by unintended recipients. We can exchange email with you using PGP or DES. We have STE and STU-III telephones and a secure FAX available, all at the secret level. You can obtain GnuPG or PGP from a variety of sources.

We also encourage you to check our PGP signature on email and documents to ensure that they were indeed written by our staff and have not been altered.

PGP

As a good security practice, users should be sure to validate PGP keys they receive and not trust unvalidated keys. In the past, forged CERT PGP keys have been created and uploaded to public keyservers. It is important to validate your copy of the CERT PGP public key to insure it is legitimate.
  1. Get our PGP public key from the CERT website.

    This PGP key has the following properties: 

    CERT PGP Key Information
Key ID: 0xB7FBBBC1
Key Type: RSA
Expires: 2011-10-01
Key Size: 2048
Key Fingerprint: 66A6 DAC9 3014 21CB DCA6  A6F6 3389 F064 B7FB BBC1
UserID: CERT Coordination Center <cert@cert.org>
    Information about our old PGP key can be found here.

    The CERT PGP keys have an operational life span of approximately one year. When we generate a new key, it will be available from this web page, and we will announce the change on our What's New page.

  2. Verify our fingerprint.

    Call the CERT hotline (+1 412 268-7090) to verify our fingerprint.

    If calling us is difficult and you trust that this web page is authentic, you can use the fingerprint below.

    Fingerprint: 66A6 DAC9 3014 21CB DCA6 A6F6 3389 F064 B7FB BBC1

Obtaining GnuPG or PGP

GnuPG

Gnu Privacy Guard offers an OpenPGP compliant application that is freely available. You may obtain GPG software from GnuPG's distribution site:

http://www.gnupg.org/download.html

This site provides details for the most appropriate software based on your operating system. Please note that the version compiled for MS-Windows is a command line version and comes with a graphical installer tool.

Graphical installers are also available via the Windows Privacy Tray:

http://winpt.sourceforge.net/en/

PGP

PGP Corporation offers a range of products, including PGP Desktop, which may be obtained for a free 30-day trial period. You may obtain the software from PGP Corporation's download page:

http://www.pgp.com/downloads/index.html

PGP software includes tools and discussion forums for support, along with an online support portal:

www.pgpsupport.com

DES

Contact us to set up a shared key. Call the CERT hotline (+1 412-268-7090) on weekdays between 8:30 and 17:00 (EST - GMT-5, EDT - GMT-4).

STE/STU-III telephones

Our STE and STU-III telephones handle secret and unclassified sensitive information.

Let us know through the CERT hotline (+1 412-268-7090) that you wish to speak with us on the STE or STU-III phones. Please leave your name and telephone number for our COMSEC custodian. The custodian's normal working hours are 8:30 to 17:00 (EST - GMT-5, EDT - GMT-4).

Secure FAX

We can send and accept secure facsimiles. If you need to send us a secure FAX, call the CERT hotline (+1 412-268-7090) on weekdays between 8:30 and 17:00 (EST - GMT-5, EDT - GMT-4).

Last updated November 17, 2009