PGP Encryption at FIRST

FIRST uses Pretty Good Privacy (PGP) encryption for cryptographic privacy in communications with members. In order to provide open channels in which the members can also encrypt messages to the FIRST Secretariat, board members and other teams, FIRST publishes public keys on the public and members' only websites:

• FIRST Infrastructure public PGP key
• FIRST PGP keys directory (members-only)

FIRST Infrastructure public PGP key

Private messages can be sent to the FIRST Infrastructure using it's public PGP key:

FIRST Infrastructure Public PGP Key
Key ID: 0x7F8C656513F6AD57
Fingerprint: 7735 1149 3722 9A3C 2129 8903 7F8C 6565 13F6 AD57

FIRST PGP keys directory

These keys are available for FIRST members only. FIRST members have access to other members' and teams' public PGP key.

• FIRST PGP keys directory

PGP Keysigning Party at the 34th Annual FIRST Conference

This event has now concluded.

John Kristoff of NETSCOUT ASERT, coordinated an in-person PGP key signings for FIRSTCON22 attendees.

While we welcome CSIRT or other shared team keys, many key signing participants will not sign team keys, only individual keys. For additional information on PGP and the key signing process the following links should help familiarize you:

• Wikipedia's Key signing party page
• Debian's Keysigning page
• GnuPG's documentation page
• David E. Ross' PGP Public Key Servers page

Please note: Due to various limitations with PGP key servers today, such as their susceptibility to flooding attacks and limited synchronization, we recommend sending signed keys, preferably encrypted, individually and directly to each associated key party attendee after any key signing party verification activity.