Skip to main content

To validate our Email by PGP



  1. Get a compatible freeware version of PGP software from PGP Corporation or International PGP Homepage for your operating system.
  2. Get our Public Key from HKCERT web page.
  3. Use PGP software or PGP command line to verify the status of signature.


Our PGP Public key


The HKCERT Public Key is Diffie-Hellman/DSS type and have a life span limit. When there is a new key generated or old key forged, we will announce it on this web page.


Key ID:0x018C7573
Key Type:Diffie-Hellman/DSS
Key Size:2048/1024
Fingerprint:D388 1D39 EB17 32D3 5457 CACA 9BC2 605E 018C 7573
User ID:hkcert


Most of the email messages sent by HKCERT are signed with HKCERT PGP key.


Please note that we have generated a new key on 1 August 2006. The old key (Key ID: 0x677FAB50) have expired on 7 August 2006.


We encourage you to check the PGP signature status to make sure the email message was originated by HKCERT staff.



Verifying PGP message with Email Application supported by PGP Plug-in


  • The quickest and easiest way to verify the email we sent to you is with an application supported by the PGP plug-ins.
  • Although the procedure varies slightly between different email applications, when you are using an application that supports the PGP/MIME standard, you can verify the email messages by clicking an icon attached to your message.



Verifying PGP message with Email Application not supported by PGP Plug-in


  • If you are using an email application that is not supported by the PGP plug-ins, you can check our PGP signature by saving your mail message to a file and running PGP on it.


More information on PGP can be obtained from web pages of the PGP Corporation or International PGP Homepage.