CERT

 
Publications Catalog Historical Documents CERT Contact Information Meet CERT Employment Opportunities
 

Sending Sensitive Information to CERT

We strongly urge you to encrypt sensitive information to protect it from being viewed by unintended recipients. We can exchange email with you using PGP or DES. We have STE and STU-III telephones and a secure FAX available, all at the secret level. You can obtain GnuPG or PGP from a variety of sources.

We also encourage you to check our PGP signature on email and documents to ensure that they were indeed written by our staff and have not been altered.

PGP

As a good security practice, users should be sure to validate PGP keys they receive and not trust unvalidated keys. In the past, forged CERT PGP keys have been created and uploaded to public keyservers. It is important to validate your copy of the CERT PGP public key to insure it is legitimate.
  1. Get our PGP public key from the CERT website.

    This PGP key has the following properties: 

    CERT PGP Key Information
Key ID: 0x19A2FD90
Key Type: RSA
Expires: 2012-09-30
Key Size: 2048
Key Fingerprint: 27D0 F3D5 7CB1 C270 768F  8D22 4DA9 A139 19A2 FD90
UserID: CERT Coordination Center <cert@cert.org>
    Information about our old PGP key is available.

    The CERT PGP keys have an operational life span of approximately one year. When we generate a new key, it will be available from this web page, and we will announce the change.

  2. Verify our fingerprint.

    Call the CERT hotline (+1 412 268-7090) to verify our fingerprint.

    If calling us is difficult and you trust that this web page is authentic, you can use the fingerprint below.

    Fingerprint: 27D0 F3D5 7CB1 C270 768F 8D22 4DA9 A139 19A2 FD90

Obtaining GnuPG or PGP

GnuPG

Gnu Privacy Guard offers an OpenPGP-compliant application that is freely available. You may obtain GPG software from GnuPG's distribution site:

http://www.gnupg.org/download.html

This site provides details for the most appropriate software based on your operating system. Please note that the "version compiled for MS-Windows is a command line version and comes with a graphical installer tool."

Graphical user interfaces to GnuPG are available via Gpg4win (note that Gpg4win also includes GnuPG):

http://www.gpg4win.org/

PGP

PGP Corporation offers a range of products, including PGP Desktop, which may be obtained for a free 30-day trial period. You may obtain the software from PGP Corporation's download page:

http://www.pgp.com/downloads/index.html

DES

Contact us to set up a shared key. Call the CERT hotline (+1 412-268-7090) on weekdays between 8:30 and 17:00 (EST - GMT-5, EDT - GMT-4).

STE/STU-III telephones

Our STE and STU-III telephones handle secret and unclassified sensitive information.

Let us know through the CERT hotline (+1 412-268-7090) that you wish to speak with us on the STE or STU-III phones. Please leave your name and telephone number for our COMSEC custodian. The custodian's normal working hours are 8:30 to 17:00 (EST - GMT-5, EDT - GMT-4).

Secure FAX

We can send and accept secure facsimiles. If you need to send us a secure FAX, call the CERT hotline (+1 412-268-7090) on weekdays between 8:30 and 17:00 (EST - GMT-5, EDT - GMT-4).

Last updated November 1, 2010