We are moving away from PGP email for coordinated vulnerability disclosure in favor of a web-based platform called VINCE. We encourage you to read about and start using VINCE.
Sending Sensitive Information
We recommend that you encrypt sensitive information in email to protect it from being viewed by unintended recipients. We prefer OpenPGP standard cryptography, which usually means Pretty Good Privacy (PGP) or the GNU Privacy Guard (GnuPG or GPG). However, we can use S/MIME or other methods on a case-by-case basis.
Those unable to use PGP can contact us at <cert@cert.org> or +1 412-268-5800 to arrange alternative methods.
We also encourage you to check the PGP signature on email and documents to verify the authenticity and integrity of mail from the CERT/CC.
Download and Verify the Current CERT/CC PGP Key
Our current PGP key is available below and has the following properties:
Key ID: 9BB4046A774556E4
Key Type: RSA
Key Size: 4096
Created: 2024-02-15 Expires: 2024-10-01 Key Fingerprint: 04C9 4261 6D56 46F1 6926 0C7D 9BB4 046A 7745 56E4
UserID: CERT Coordination Center <cert@cert.org>
The CERT PGP keys have an operational life span of approximately one year. When we generate a new key, it will be published on this page and updated to public keyservers.
Call us at +1 412-268-5800 to verify the fingerprint.
CERT/CC PGP Keys (Current and Historical)
Below is a list of keys currently or previously used by CERT/CC. Please use only the most recent key for encrypting new information.