GPG Public Key of Robert L. Vaessen


	Public Keys I use different keys for different roles/reasons (different mailhosts/accounts). I've made the public portions of these keys available for download from various keyservers. Encryption keys are very useful for verifying user identity and ensuring message integrity.
	Search for my keys online You can search for my public keys using any of the publicly available keyservers. Here's are links to some of the key servers available (as of 26 Feb, 2023) online: <https://keys.openpgp.org>, <https://keyserver.pgp.com/vkd/GetWelcomeScreen.event>, <https://keyserver.ubuntu.com>, <https://pgp-servers.net/>, <http://pgp.benny-baumann.de>. Based on correspondence with a respected developer/encryption researcher (Werner Koch), I would recommend that you use <keys.gnupg.net> keyserver above all the others. Use the search functions at these keyservers to search by my name or my email address. Best results are likely obtained by using the gnupg.net site (listed las above/and searching for the key associated with a specific email address). Note: If you see/encounter my 'tollgatecrossing.org' or 'southeastaurora-neighborhoodwatch.org' keys/email addresses, you should know that I no longer use those email addresses, manage those websites, or have rights/registration of those domains. Any email (encrypted or not) sent to those addresses will not be answered by me, and will likely result in a bounce. (This page used to list the actual public keys, but I decided to remove them from this page for security reasons in Feb, 2023. If you'd like to obtain one of my public keys, you should search for them using one of the keyservers listed above, or contact me via email.)
	In the past, spammers have assaulted my digital identity by forging messages to look like they came from me (this hasn't happened since May of 2008). Ensuring delivery of my email, and allowing for verification of messages sent by me is a priority; as a result, I try to use pgp signed messages (whenever possible) with my email correspondence. Thankfully, there's an open source, free and reliable way to make that happen. There's a group of software developers who devote their time and effort in development of a product called 'GPG Tools' it's a series of applications which enable digital signatures and encryption inside the Mac OS X environment. One of the primary components is GPG Mail. GPG Mail is an open source plugin for Apple Mail. It brings the functionality to sign, verify, encrypt and decrypt email using the OpenPGP standard. I use MacGPG 2.2.41 (1051) and a licensed/paid support version of GPG Mail extension* 8.0b5 (as part of GPG Suite 2024.1b2 / released Dec 24th, 2023) with Apple's Mail.app Version 16.0 (3826.200.121)) and macOS Sonoma 15.1 Sequoia for encryption, decryption, and message authentication. If you would like to correspond in secret, please take note of my Public Keys. Note that Apple's Mail.app email client makes used of the MailKit framework. Apple's Mail.app Version 16.0 (3826.200.121) - Distributed with the macOS Operating System: Note that there is now (as of Sep 22nd, 2018) a 'Support Plan' for the GPG Tools Suite - More specifically, the developers are charging a fee for the use of GPG Mail (distributed with the GPG Tools suite). You can download and install all the GPG Tools software for free, but the GPG Mail plugin will only work fully for 30 days; unless you purchase the support plan. You can download and install the software suite without the ability to encrypt or sign (using the GPG Mail plugin) if you'd like; foregoing the need to pay for the support plan, but that means you won't be able to encrypt or sign your email messages (using the GPG Tools) from within Apple's Mail.app. Read this open letter for some of the details regarding the support plan and how GPG Mail came to be 'licensed' software. Note: On the 28th of Sep, 2023, I learned (from the GPG Tools team) that Apple's operating system (macOS Sonoma (Version 14)) broke the integration of the GPG Mail plugin for Apple's email application. macOS Sonoma was launched (released to consumers) on the 26th of Sep, 2023. I didn't update my computer (to Sonoma) until the 27th of Sep, and I logged in for the first time on the 28th of Sep. I confirmed that the GPG Mail plugin was 'gone'. Later, I installed the GPG Mail extension (in beta at the time/still in beta as of Dec 2023). A little history - When Apple released macOS Monterey (Version 12) back in 2021, they introduced a new MailKit framework. This new framework came with a fully functional API for Mail.app that was more secure and could/can be used to build more modern and secure Mail.app Extensions. These extensions could block certain types of content, perform various actions, improve security, and more. They told us so - When Apple released their new MailKit framework (back in 2021), they also said that the legacy Mail.app plugins would cease to work in a future macOS release. They didn't say when in the future, they didn't say which future macOS release... Unfortunately, the new MailKit framework and its API couldn't do things needed to enable PGP encryption in the way that the GPG Mail plugin does/did. So the GPG Tools team continued working on and releasing the GPG Mail plugin, while they simultaneously began working on a new version of the encryption tool, one that would work with Mail.app as an extension. Fast forward to 2024 - It took a while, but Apple finally worked out all the bugs that prevented Mail.app extensions from working under the new Extensions framework. After much testing, troubleshooting, reporting and software updates, Apple has released macOS Sonoma version 14.3 (Jan 22, 2024). With this release, Mail.app extensions (such as the GPG Mail extension) now work with Apple's Mail.app email client. Currently - As of 30 Oct, 2024. On the 20th of Sep, 2024. I installed macOS 15.0 Sequoia on my iMac (27" iMac w/Intel processor). There were no problems with the GPG Mail extension and the new operating system. The mail app and GPG signing/encrypting extension are working together without any issues. I updated to macOS 15.1 Sequoia on the 30th of Oct, 2024, and there were no issues with GPG Mail extension. Why do I use digital signatures or encryption? Well, I don't use the encryption very often, but I have been known to send myself encrypted email containing passwords or private information (banking and medical information) and I use email encryption when sending information to my tax advisor. In addition to the occassional use of encryption (encrypted email), I use pgp/digital signatures quite frequently. I use digital signatures as a way of ensuring message authenticity and non-repudiation. I'm tired of spammers pretending to be me; even my web hosting providers have 'accused' me of being a spammer (on more than one occassion/all without any actual evidence, just 'reported' by someone). By using these signatures (which uses the message content (upon signing) and a private key to create a signature which can be verified by using my public key) I can assure recipients that the message(s) they received were actually sent be me, and it (the content/payload of the message) hasn't been tampered with in transit. My public keys (all of them) are available on various keyservers. If you have any questions or issues with my keys, please let me know.
	What is that "signature.asc" that you sent me? The file (signature.asc - which some recipients see as an attachment) is my PGP electronic signature. It is a simple ASCII (American Standard Code for Information Interchange) file; hence, the extension .asc. There are basically two kinds of PGP signatures: Inline armor, and PGP/MIME attachments. The older, inline signatures can only be used with plain text emails and other text files. They do not authenticate attachments, nor do they work with HTML mail. The advantage of inline signatures is that they do not alarm those unfamiliar with the technology, and are not blocked by servers that strip all attachments. The newer PGP/MIME standard creates a separate signature file (the signature.asc attachment that you might see) that is based on an algorithm which takes as its variables; the data in the document(s), my private key, and if directed to an individual with a known public key, the recipient's public key. To some, the file looks like junk in a text file. Email clients/applications/systems that recognize PGP/MIME automatically decrypt and authenticate the signature, and you never see the attachment. Some Email clients (MUAs / Mail User Agents) automatically recognize PGP signatures (the 'signature.asc' attachement that you saw/see). Some older versions of Microsoft products have not yet incorporated the standard into the application/service (Microsoft seems to think that it's a better idea to use their own proprietary way of encrypting/decrypting messages). There are open and commercial implementations of the PGP/RSA encryption system(s). OpenPGP is implemented through GnuPG, and it's available for a large number of platforms including Linux/Unix, Windows, Mac, and even the PalmOS. Get it or learn more about it at: <https://gnupg.org>. How can I verify the content of an email that has a signature.asc attachment? <https://www.baeldung.com/linux/verify-file-asc-signature>
	Return to Feedback Page of Robert's Home Page. Return to Main Page of Robert's Home Page. Author: Robert L. Vaessen e-mail: Last Updated: October 30, 2024

Public Keys

I use different keys for different roles/reasons (different mailhosts/accounts). I've made the public portions of these keys available for download from various keyservers. Encryption keys are very useful for verifying user identity and ensuring message integrity.