Q-CERT banner

main navigation areas

Sending Sensitive Information to Q-CERT

We strongly urge you to encrypt sensitive information. We can exchange email with you using PGP. See the information below about where you can obtain GnuPG or PGP.

Many documents developed by the Q-CERT are signed with the Q-CERT PGP key. We encourage you to check the signature to ensure that the document was indeed written by our staff and has not been changed.

Q-CERT PGP key

As a good security practice, users should be sure to validate PGP keys they receive and not trust unvalidated keys. In the past, forged CSIRT PGP keys have been created and uploaded to public keyservers. It is important to validate your copy of the Q-CERT PGP public key to confirm that it is legitimate.

  1. Obtain our PGP public key from the Q-CERT web site.

    This PGP key has the following properties:

    Q-CERT PGP Key Information
    Key ID: 0x981EF299
    Key Type: RSA
    Expires: 2008-08-28
    Key Size: 2048
    Key fingerprint = BE0A 85A9 C94B D703 EFD8 643C D493 7706 981E F299
    UserID: Q-CERT <q-cert@qcert.org>

    The new key is an RSA key, and it is constructed to provide maximum interoperability and backwards compatibility with as many versions of PGP as possible, as well as with GnuPG.

    The Q-CERT PGP keys have an operational life span of approximately one year. When we generate a new key, it will be available from this web page, and we will announce the change on our home page.

  2. Verify our fingerprint by calling the Q-CERT hotline (+974 499 3408).

Obtaining GnuPG or PGP

GnuPG

Gnu Privacy Guard offers an OpenPGP compliant application that is freely available. You may obtain GPG software from GnuPG's distribution site:

This site provides details for the most appropriate software based on your operating system. Please note that the version compiled for MS-Windows is a command line version and comes with a graphical installer tool.

Graphical installers are also available via the Windows Privacy Tray:

PGP

PGP Corporation offers a range of products, including PGP Desktop, which may be obtained for a free 30-day trial period. You may obtain the software from PGP Corporation's download page:

PGP software includes tools and discussion forums for support, along with an online support portal: