We are moving away from PGP email for coordinated vulnerability disclosure in favor of a web-based platform called VINCE. We encourage you to read about and start using VINCE.
Sending Sensitive Information
Those unable to use PGP can contact us at <cert@cert<firstname.lastname@example.org> org> or < +1 412-268-5800> 5800 to arrange alternative methods.
We also encourage you to check the PGP signature on email and documents to ensure that they were produced by the CERT key and have not been alteredverify the authenticity and integrity of mail from the CERT/CC.
Download and Verify the Current CERT/CC PGP Key
As a good security practice, be sure to validate PGP keys you receive and do not trust unvalidated keys. In the past, forged CERT PGP keys have been created and uploaded to public keyservers. It is important to validate your copy of the CERT PGP public key to ensure it is legitimate.
Our current PGP key is available below and has the following properties:
Key Type: RSA2017
Key Size: 4096
2022-09-30Key Size: 4096 Key
Key Fingerprint: 7F5F
2B227B50 2ECF UserID
UserID: CERT Coordination Center <email@example.com>
The CERT PGP keys have an operational life span of approximately one year. When we generate a new key, it will be
published on this
and updated to public keyservers.
Call us at +1 412-268-5800 to verify the fingerprint.
CERT/CC PGP Keys (Current and Historical)
Below is a list of keys currently or previously used
by CERT/CC. Please use only the most recent key for encrypting new information.