CERT
search  


 
Historical Documents CERT Contact Information Meet CERT Employment Opportunities
 

Sending Sensitive Information to the CERT/CC

We strongly urge you to encrypt sensitive information to protect it from being viewed by unintended recipients. We can exchange email with you using PGP or GPG, which you can obtain from a variety of sources.

Those unable to use PGP/GPG to securely exchange information with the CERT Coordination Center should contact us via the CERT hotline (+1 412-268-7090) on weekdays between 8:30 and 17:00 (EST - GMT-5, EDT - GMT-4) to arrange an alternate method for secure communication (alternative encryption methods, STE/STU telephones, secure fax, etc.).

We also encourage you to check our PGP signature on email and documents to ensure that they were indeed written by our staff and have not been altered.

PGP

As a good security practice, users should be sure to validate PGP keys they receive and not trust unvalidated keys. In the past, forged CERT PGP keys have been created and uploaded to public keyservers. It is important to validate your copy of the CERT PGP public key to insure it is legitimate.
  1. Get our PGP public key from the CERT website.

    This PGP key has the following properties: 

    CERT PGP Key Information
Key ID: 0xCFE0C372
Key Type: RSA
Expires: 2013-09-30
Key Size: 2048
Key Fingerprint: C596 7739 2323 B782 1FE0 0F66 D5C2 01A9 CFE0 C372
UserID: CERT Coordination Center <cert@cert.org>
    Information about our old PGP key is available.

    The CERT PGP keys have an operational life span of approximately one year. When we generate a new key, it will be available from this web page, and we will announce the change.

  2. Verify our fingerprint.

    Call the CERT hotline (+1 412-268-7090) on weekdays between 8:30 and 17:00 (EST - GMT-5, EDT - GMT-4). to verify our fingerprint.

    If calling us is difficult and you trust that this web page is authentic, you can use the fingerprint below.

    Fingerprint: C596 7739 2323 B782 1FE0 0F66 D5C2 01A9 CFE0 C372

Obtaining GnuPG or PGP

GnuPG

Gnu Privacy Guard offers an OpenPGP-compliant application that is freely available. You may obtain GPG software from GnuPG's distribution site:

http://www.gnupg.org/download.html

This site provides details for the most appropriate software based on your operating system. Please note that the "version compiled for MS-Windows is a command line version and comes with a graphical installer tool."

Graphical user interfaces to GnuPG are available via Gpg4win (note that Gpg4win also includes GnuPG):

http://www.gpg4win.org/

PGP

PGP Corporation offers a range of products, including PGP Desktop, which may be obtained for a free 30-day trial period. You may obtain the software from PGP Corporation's download page:

http://www.pgp.com/downloads/index.html

Last updated May 25, 2012