Sending email to US-CERT
When you send sensitive information via email, you should encrypt your
messages. There are multiple versions of encryption software
available:
Commercial:
Freeware/Open Source:
US-CERT encourages you to review the respective User License
Agreement to ensure that you are using appropriate software for your
organization.
As a good security practice, users should validate the public keys
they receive and should not trust unvalidated keys. Forged or
expired keys may be found on public key servers. It is important to
validate your copy of the US-CERT public keys to ensure they are
legitimate.
The US-CERT uses multiple public keys based upon their purpose.
Information about these keys can be found on Contacting US-CERT. You should verify the
fingerprints by contacting the US-CERT Security Operations Center.
Note: You can also verify the US-CERT Master Key-signing key
signature on the US-CERT Operations key. We have generated a US-CERT
master key that we use only as a key-signing key. Use this master key
only for verifying other US-CERT keys:
Key ID: 0xD01508CC
Key Type: RSA
Expires: 2008-09-14
Fingerprint: CF03 0DC0 2D86 FA86 D4F6 7D6D 9265 B029 D015 08CC
User ID: US-CERT Master Key-signing Key (signing only)
Receiving email from US-CERT
US-CERT signs the email distribution of all US-CERT publications,
including Cyber Security Alerts, Technical Cyber Security Alerts,
Cyber Security Bulletins and Cyber Security Tips with the following
key:
Key ID: 0xF0E187D0
Key Type: RSA
Expires: 2005-10-01
Key Size: 2048
Fingerprint: 049F E3BA 240B 4CF1 3A76 06DC 1868 49EC F0E1 87D0
User ID: US-CERT Operations Key
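
The validation step described above, as an added example that is not US-CERT's own tooling: it compares a key listing against the full fingerprint published on this page, because a short key ID alone can also match a forged key, and it flags expiry. The function names and the sample listing are assumptions made for illustration; the listing is constructed in the colon-delimited layout of `gpg --with-colons --fingerprint`, with an invented creation time.

```python
import re

# Values published on this page for the US-CERT Operations Key.
PUBLISHED_FPR = "049F E3BA 240B 4CF1 3A76 06DC 1868 49EC F0E1 87D0"
PUBLISHED_KEY_ID = "0xF0E187D0"

# Constructed sample in the `gpg --with-colons --fingerprint` record layout
# (not captured gpg output). Creation time is made up; expiry is 2005-10-01 UTC.
SAMPLE_LISTING = (
    "pub:-:2048:1:186849ECF0E187D0:1064966400:1128124800::-:::scESC:\n"
    "fpr:::::::::049FE3BA240B4CF13A7606DC186849ECF0E187D0:\n"
)

def normalize(fpr):
    """Strip spaces and an optional 0x prefix, upper-case, and require hex."""
    value = re.sub(r"\s+", "", fpr).upper()
    if value.startswith("0X"):
        value = value[2:]
    if not re.fullmatch(r"[0-9A-F]+", value):
        raise ValueError("not a hex fingerprint or key ID: %r" % fpr)
    return value

def check_key(listing, published_fpr, published_key_id, now):
    """Return a list of problems found; an empty list means the key matches."""
    want_fpr, want_id = normalize(published_fpr), normalize(published_key_id)
    got_fpr, expires = None, None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub" and len(fields) > 6 and fields[6]:
            # Field 7: expiry, assumed to be seconds since the epoch (GnuPG 2.x).
            expires = int(fields[6])
        elif fields[0] == "fpr" and len(fields) > 9 and got_fpr is None:
            got_fpr = normalize(fields[9])    # field 10: primary key fingerprint
    if got_fpr is None:
        return ["no fingerprint record in listing"]
    problems = []
    if got_fpr != want_fpr:                   # compare the whole fingerprint
        problems.append("fingerprint mismatch")
    if not got_fpr.endswith(want_id):
        problems.append("key ID is not the tail of the fingerprint")
    if expires is not None and expires <= now:
        problems.append("key expired")
    return problems
```

A match here only shows that the local copy agrees with the published values; the published values themselves still need to be confirmed with the US-CERT Security Operations Center as described above.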