Contact Me🔗

Please feel free to reach out to me! The easiest way to do that is online.

I'm am physically based out of Bologna, Italy, but am also frequently in San Francisco, CA. I'm always happy to meet up for coffee or go for a hike, so drop me a line if you know any good spots. ☕⛰️

👋🏼 Recruiters 💁‍ (please read) 👀🔗

If you're looking to contact me about a job opportunity, thank you!!! I just kindly request that you don't use my personal email address directly, but rather start by contacting me through this recruiting form I have set up. I promise that I will get back to you within a day or two.

Personal Contact🔗

Bluesky faviconBsky keybase logoKeybase X (formerly known as Twitter) logoX (Twitter) Mastodon logoMastodon GitHub logoGitHub Instagram logoInstagram Hacker News logoHacker News LinkedIn logoLinkedIn email iconemail

Professional Contact🔗

For professional opportunities, please use my dedicated form. This helps greatly in making sure I can respond quickly, and it helps me organize the information you have by storing it a uniform format. It takes about 30 seconds to fill out, and you will receive a confirmation message that it worked.

PGP Key🔗

If you need to send me something securely and don't have keybase (or you don't want to use it), you can send me encrypted content, or verify content signed with my signature, directly, using my public pgp key.

  -----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYT1qJhYJKwYBBAHaRw8BAQdAy423mAYGV+aQIosugNJmwfvNyKZZaAJqZjSm
ffw9h++0XlNwZW5jZXIgU2NvcmNlbGxldHRpIChNaWdyYXRlZCBlbWFpbCBmcm9t
IGNvbnRhY3RAc3BlbmMuZXMgdG8gaGVsbG9Ac3BlbmMuZXMpIDxoZWxsb0BzcGVu
Yy5lcz6I7QQwFgoAlRYhBMZmBXa/PFEfwoy7epE2Vgrg6KYlBQJjiToodx0ASSB3
YXMgYW5ub3llZCBieSB0aGUgY29tbWVudCBJIGxlZnQsIHNvIEkgcmV2b2tlZCB0
aGlzIHVpZCBhbmQgYWRkZWQgYW4gaWRlbnRpY2FsIG9uZSB0byBpdCwganVzdCB3
aXRob3V0IHRoZSBjb21tZW50AAoJEJE2Vgrg6KYlU2AA/Aw3qmLtAlTGayp/Vips
dLHwVVlRXYUATYNmzRdfp/MWAQDH3qU8VwT14NSUQ13Cbfa2KilHEQ8UFl9hq9zY
nYFZDoiZBBMWCgBBFiEExmYFdr88UR/CjLt6kTZWCuDopiUFAmOI9b0CGwMFCQPC
ZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQkTZWCuDopiXTiwEA0C2k
K6IDX9jH8YAUdh4x1VY7LTHokcwHZ8+/0llJFlcBALKPn5VYUPkxGPsyDx+fs3cG
m/TBW2GM63yuesgv/90KtCdTcGVuY2VyIFNjb3JjZWxsZXR0aSA8Y29udGFjdEBz
cGVuYy5lcz6IsQQwFgoAWRYhBMZmBXa/PFEfwoy7epE2Vgrg6KYlBQJjiPYdOx0g
bWlncmF0ZWQgbXkgZW1haWwgZnJvbSBjb250YWN0QHNwZW5jLmVzIHRvIGhlbGxv
QHNwZW5jLmVzAAoJEJE2Vgrg6KYlE/kBAK9gB6G8UcnYVFvgn9DRfRPHFpGmWEbf
mjtNzG5BmN4dAPsGJM19fSvRd7Y/SWiAKqM4mYLjNAHpZRja88QWCebzBYiWBBMW
CgA+AhsDBQkDwmcAAheAFiEExmYFdr88UR/CjLt6kTZWCuDopiUFAmFpwasFCwkI
BwIGFQoJCAsCBBYCAwECHgUACgkQkTZWCuDopiU7jAEA5INJx4+sQgVxI41cCBJT
Br43fR+nQh1N33K6SV4rECYBAJM9es4F8JxHhZYx1LLMMbYFHeBwgtMJYX7+4W4v
V5kAtCVTcGVuY2VyIFNjb3JjZWxsZXR0aSA8aGVsbG9Ac3BlbmMuZXM+iJkEExYK
AEEWIQTGZgV2vzxRH8KMu3qRNlYK4OimJQUCY4k5WwIbAwUJA8JnAAULCQgHAgIi
AgYVCgkICwIEFgIDAQIeBwIXgAAKCRCRNlYK4OimJcVGAPwP7r90G5Vyc7IU60Z0
FpXSXZHS08fHSqxGHZZ4MidBPgEAgnipq3f0WkaYEgD4/ZQwpL3Lw1kAHVp5ihsX
ufmtjge4OARhPWomEgorBgEEAZdVAQUBAQdANpb/m7oMZUsX8ksQet5tKpX1I+qc
vL6SZr9pm4lhumIDAQgHiH4EGBYKACYWIQTGZgV2vzxRH8KMu3qRNlYK4OimJQUC
YT1qJgIbDAUJA8JnAAAKCRCRNlYK4OimJWJvAQDY9Lrt4QjV+BtABALhHGNrNAph
6CDWSUZRYo1mw1xgegEAmOaKVL6EKZkdUfSoySz6cOOf7TiWHPjHuIWpREff2wM=
=gVrt
-----END PGP PUBLIC KEY BLOCK-----

(Note: you can verify my public key by checking the DNS record I have associated with it)

dig +short hello._pka.spenc.es. TXT

You should see the same fingerprint as above, along with a link to my ascii public key, encoded in the response.

"v=pka1;fpr=C6660576BF3C511FC28CBB7A9136560AE0E8A625;uri=https://spenc.es/pgp/pubkey.asc.txt"

How To Send Me an Encrypted Message🔗

If you want to send me a message, e.g. hello.txt, that only I can read, take the following steps:

  1. Import my public key, using its key ID (The shorter, 64 bit version is ok)
gpg --keyserver pgp.mit.edu --recv 9136560AE0E8A625
  1. Encrypt your message with me as a recipient
gpg --encrypt --armor --recipient 9136560AE0E8A625 hello.txt

A new, encrypted file will be created, ending in .asc. For example, hello.txt.asc would look like this:

-----BEGIN PGP MESSAGE-----

hF4DX2iXAh60pdYSAQdA6jTQnmRM5dXH0w/nH+bgSud6FIT0SR1bBvazeEUSRXkw
wuGDNFcEaB6gFKcN24R/AH3IqjpTzOgpbha9Qbzr4dbkB4ooN2dXUIeVAqj+oqbk
1FEBCQIQdpPd9lg+P/k+l9wpFrHv9aXtIF09Sy2wk+sJBBVBlLtbJw+qMJTmn4Na
Izi0RCO7mEeB/L3K6zOuM1UDB38UxkJdMb9VUP1ks+E94/o=
=0O75
-----END PGP MESSAGE-----
  1. Send me the message

You can attach it in an email or just copy and paste the file created from step #2 directly in the email body.

How To Verify Content Signed with My Signature🔗

If someone sends you something claiming it's from me, you can verify that I really sent it using the command line tool gpg to check the message with my digital signature. For example, if you receive a signed message named hello.txt.asc, claiming to be from me, you can verify the signature used to make the message and compare it my own.

Here's an example signed message, e.g. hello.txt.asc:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

hello
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTGZgV2vzxRH8KMu3qRNlYK4OimJQUCY4k/VAAKCRCRNlYK4Oim
JeEbAP9hAHE0JZVDrDEVLBiu8VbWCGq0WVXNqtfO5dhXaabllwEAm2/kNwna48Jp
q0xkwPcU+FBmdXhOA9NWzlBPLzzGSwE=
=rkz9
-----END PGP SIGNATURE-----

You can verify that I indeed really did send it by following the following steps:

  1. Import my public key, using its key ID (shorter, 64 bit version is ok)
gpg --keyserver pgp.mit.edu --recv 9136560AE0E8A625
  1. Verify the message
gpg --verify hello.txt.asc

You will then see a message that looks somewhat like this:

gpg: Signature made Ven  2 Dic 00:57:08 2022 CET
gpg:                using EDDSA key C6660576BF3C511FC28CBB7A9136560AE0E8A625
gpg: Good signature from "Spencer Scorcelletti <hello@spenc.es>" [ultimate]
gpg: WARNING: not a detached signature; file 'hello.txt' was NOT verified!

☑️ Make sure that the key ID there 👆 matches mine: C6660576BF3C511FC28CBB7A9136560AE0E8A625