Sending Sensitive Information

We recommend that you encrypt sensitive information in email to protect it from being viewed by unintended recipients. We prefer OpenPGP standard cryptography, which usually means Pretty Good Privacy (PGP) or the GNU Privacy Guard (GnuPG or GPG). However, can use S/MIME or other methods on a case-by-case basis.

Those unable to use PGP can contact us at <cert@cert.org> or <+1 412-268-5800> to arrange alternative methods.

We also encourage you to check the PGP signature on email and documents to ensure that they were produced by the CERT key and have not been altered.


Download and Verify the Current CERT/CC PGP Key

As a good security practice, be sure to validate PGP keys you receive and do not trust unvalidated keys. In the past, forged CERT PGP keys have been created and uploaded to public keyservers. It is important to validate your copy of the CERT PGP public key to ensure it is legitimate.

Click on the icon below to download the latest PGP key:

Our current PGP key has the following properties:


  CERT PGP Key Information
  Key ID: 0x7B502ECF
  Key Type: RSA
Created: 2017-12-01   Expires: 2018-09-30   Key Size: 4096   Key Fingerprint: 2E68 45E0 1437 9689 FA89  4C4A E3DD DC38 7B50 2ECF   UserID: CERT Coordination Center <cert@cert.org>

The CERT PGP keys have an operational life span of approximately one year. When we generate a new key, it will be available from this web page, and we will announce the change.

Call us at +1 412-268-5800 to verify the fingerprint.

CERT/CC PGP Keys History

Below is a list of previously used keys. Do not use these keys for encrypting new information, but the keys may be useful for validating old content.