Exchanging Email with US-CERT

When sending sensitive information to US-CERT via email, we encourage you to encrypt your messages. US-CERT uses multiple public keys based upon their purpose. If the purpose of your communication is a cyber security incident report, vulnerability report, or any other technical question related to cyber security, please use the following key:

• User ID: US-CERT Security Operations Center <soc@us-cert.gov>
• Key ID:

  0xBDE5AC10

• Key Type: RSA
• Expires: 2013-09-30
• Key size: 2048
• Fingerprint:

  3EC2 7B68 B072 B65C 9044  BE9C 07B7 E916 BDE5 AC10

Information about other keys can be found on Contacting US-CERT.

Receiving publications in email from US-CERT

US-CERT signs the email distribution of all US-CERT publications, including Alerts, Bulletins and Tips with the following key:

• User ID: US-CERT Publications Key <us-cert@us-cert.gov>
• Key ID:

  0x108B7661

• Key Type: RSA
• Expires: 2013-09-30
• Key Size: 2048
• Fingerprint:

  1157 4C34 FB1C C43F B29B 73FA 7767 844F 108B 7661

Verifying key authenticity

As a good security practice, users should be sure to validate public keys they receive and not trust unvalidated keys. Forged or expired keys may be found on public key servers. It is important to validate your copy of the US-CERT public keys to ensure they are legitimate. You can verify the fingerprints of the keys shown above by contacting the US-CERT hotline at: +1 888-282-0870.

Note: You can also verify the US-CERT Master Key-signing key signature on the keys listed above. We have generated an US-CERT master key that we use only as a key-signing key. Use this master key only for verifying other US-CERT keys:

• Key ID:

  0x8AAA37C8

• Key Type: RSA
• Expires: 2013-10-01
• Key Size: 4096
• Fingerprint:

  374B 1394 5ACE 593D 6055  CD58 45A3 4E57 8AAA 37C8

• User ID: US-CERT Master Key-signing Key (signing only)