Contact Me🔗

Please feel free to reach out to me! The easiest way to do that is online.

I'm am physically based out of Bologna, Italy, but am also frequently in San Francisco, CA. I'm always happy to meet up for coffee or go for a hike, so drop me a line if you know any good spots. ☕⛰️

👋🏼 Recruiters 💁‍ (please read) 👀🔗

If you're looking to contact me about a job opportunity, thank you!!! I just kindly request that you don't use my personal email address directly, but rather start by contacting me through this recruiting form I have set up. I promise that I will get back to you within a day or two.

Personal Contact🔗

Bluesky Mastodon GitHub Instagram Hacker News LinkedIn email

Professional Contact🔗

For professional opportunities, please use my dedicated form. This helps greatly in making sure I can respond quickly, and it helps me organize the information you have by storing it a uniform format. It takes about 30 seconds to fill out, and you will receive a confirmation message that it worked.

PGP Key🔗

If you need to send me something securely, you can send me encrypted content, or verify content signed with my signature, directly, using my public pgp key.

  -----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYT1qJhYJKwYBBAHaRw8BAQdAy423mAYGV+aQIosugNJmwfvNyKZZaAJqZjSm
ffw9h++0JVNwZW5jZXIgU2NvcmNlbGxldHRpIDxoZWxsb0BzcGVuYy5lcz6ImQQT
FgoAQQIbAwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgBYhBMZmBXa/PFEfwoy7
epE2Vgrg6KYlBQJnZaSKBQkICW3kAAoJEJE2Vgrg6KYlOLkBALeDiwx0Z81kPJOQ
UJMqCMe53NMjDOTS+DsnoCtRSFWXAP48fA1SB2ICKS+JUcnI4zbiM+e8frpvp6xS
sthjb8HCBLReU3BlbmNlciBTY29yY2VsbGV0dGkgKE1pZ3JhdGVkIGVtYWlsIGZy
b20gY29udGFjdEBzcGVuYy5lcyB0byBoZWxsb0BzcGVuYy5lcykgPGhlbGxvQHNw
ZW5jLmVzPojtBDAWCgCVFiEExmYFdr88UR/CjLt6kTZWCuDopiUFAmOJOih3HQBJ
IHdhcyBhbm5veWVkIGJ5IHRoZSBjb21tZW50IEkgbGVmdCwgc28gSSByZXZva2Vk
IHRoaXMgdWlkIGFuZCBhZGRlZCBhbiBpZGVudGljYWwgb25lIHRvIGl0LCBqdXN0
IHdpdGhvdXQgdGhlIGNvbW1lbnQACgkQkTZWCuDopiVTYAD8DDeqYu0CVMZrKn9W
Kmx0sfBVWVFdhQBNg2bNF1+n8xYBAMfepTxXBPXg1JRDXcJt9rYqKUcRDxQWX2Gr
3NidgVkOiJkEExYKAEEWIQTGZgV2vzxRH8KMu3qRNlYK4OimJQUCY4j1vQIbAwUJ
A8JnAAULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgAAKCRCRNlYK4OimJdOLAQDQ
LaQrogNf2MfxgBR2HjHVVjstMeiRzAdnz7/SWUkWVwEAso+flVhQ+TEY+zIPH5+z
dwab9MFbYYzrfK56yC//3Qq0J1NwZW5jZXIgU2NvcmNlbGxldHRpIDxjb250YWN0
QHNwZW5jLmVzPoixBDAWCgBZFiEExmYFdr88UR/CjLt6kTZWCuDopiUFAmOI9h07
HSBtaWdyYXRlZCBteSBlbWFpbCBmcm9tIGNvbnRhY3RAc3BlbmMuZXMgdG8gaGVs
bG9Ac3BlbmMuZXMACgkQkTZWCuDopiUT+QEAr2AHobxRydhUW+Cf0NF9E8cWkaZY
Rt+aO03MbkGY3h0A+wYkzX19K9F3tj9JaIAqoziZguM0AellGNrzxBYJ5vMFiJYE
ExYKAD4CGwMFCQPCZwACF4AWIQTGZgV2vzxRH8KMu3qRNlYK4OimJQUCYWnBqwUL
CQgHAgYVCgkICwIEFgIDAQIeBQAKCRCRNlYK4OimJTuMAQDkg0nHj6xCBXEjjVwI
ElMGvjd9H6dCHU3fcrpJXisQJgEAkz16zgXwnEeFljHUsswxtgUd4HCC0wlhfv7h
bi9XmQC4OARhPWomEgorBgEEAZdVAQUBAQdANpb/m7oMZUsX8ksQet5tKpX1I+qc
vL6SZr9pm4lhumIDAQgHiH4EGBYKACYCGwwWIQTGZgV2vzxRH8KMu3qRNlYK4Oim
JQUCZ2WkSgUJCAltpAAKCRCRNlYK4OimJd1HAQCHPTJV5lfPHhkh0mA6wFg0BxZ/
+nZPKGbmnpXtiAZTpAEAk+hIn3fTTJt1nHZzSFEydhqPKbcAAC3qI+t25kWdVwA=
=bEju
-----END PGP PUBLIC KEY BLOCK-----

• My full key ID is C6660576BF3C511FC28CBB7A9136560AE0E8A625
• In fingerprint form it is C666 0576 BF3C 511F C28C BB7A 9136 560A E0E8 A625
• It's shortened (64 bit) version is 9136560AE0E8A625

(Note: you can verify my public key by checking the DNS record I have associated with it)

dig +short hello._pka.spenc.es. TXT

You should see the same fingerprint as above, along with a link to my ascii public key, encoded in the response.

"v=pka1;fpr=C6660576BF3C511FC28CBB7A9136560AE0E8A625;uri=https://spenc.es/pgp/pubkey.asc.txt"

How To Send Me an Encrypted Message🔗

If you want to send me a message, e.g. hello.txt, that only I can read, take the following steps:

1. Import my public key, using its key ID (The shorter, 64 bit version is ok)

gpg --keyserver pgp.mit.edu --recv 9136560AE0E8A625

2. Encrypt your message with me as a recipient

gpg --encrypt --armor --recipient 9136560AE0E8A625 hello.txt

A new, encrypted file will be created, ending in .asc. For example, hello.txt.asc would look like this:

-----BEGIN PGP MESSAGE-----

hF4DX2iXAh60pdYSAQdA6jTQnmRM5dXH0w/nH+bgSud6FIT0SR1bBvazeEUSRXkw
wuGDNFcEaB6gFKcN24R/AH3IqjpTzOgpbha9Qbzr4dbkB4ooN2dXUIeVAqj+oqbk
1FEBCQIQdpPd9lg+P/k+l9wpFrHv9aXtIF09Sy2wk+sJBBVBlLtbJw+qMJTmn4Na
Izi0RCO7mEeB/L3K6zOuM1UDB38UxkJdMb9VUP1ks+E94/o=
=0O75
-----END PGP MESSAGE-----

3. Send me the message

You can attach it in an email or just copy and paste the file created from step #2 directly in the email body.

How To Verify Content Signed with My Signature🔗

If someone sends you something claiming it's from me, you can verify that I really sent it using the command line tool gpg to check the message with my digital signature. For example, if you receive a signed message named hello.txt.asc, claiming to be from me, you can verify the signature used to make the message and compare it my own.

Here's an example signed message, e.g. hello.txt.asc:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

hello
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTGZgV2vzxRH8KMu3qRNlYK4OimJQUCY4k/VAAKCRCRNlYK4Oim
JeEbAP9hAHE0JZVDrDEVLBiu8VbWCGq0WVXNqtfO5dhXaabllwEAm2/kNwna48Jp
q0xkwPcU+FBmdXhOA9NWzlBPLzzGSwE=
=rkz9
-----END PGP SIGNATURE-----

You can verify that I indeed really did send it by following the following steps:

1. Import my public key, using its key ID (shorter, 64 bit version is ok)

gpg --keyserver keys.openpgp.org --recv 9136560AE0E8A625

2. Verify the message

gpg --verify hello.txt.asc

You will then see a message that looks somewhat like this:

gpg: Signature made Ven  2 Dic 00:57:08 2022 CET
gpg:                using EDDSA key C6660576BF3C511FC28CBB7A9136560AE0E8A625
gpg: Good signature from "Spencer Scorcelletti <hello@spenc.es>" [ultimate]
gpg: WARNING: not a detached signature; file 'hello.txt' was NOT verified!

☑️ Make sure that the key ID there 👆 matches mine: C6660576BF3C511FC28CBB7A9136560AE0E8A625