PGP Encrypt Twitter DMs with Keybase


This is a quick tutorial on how to encrypt your Twitter messages using PGP with the help of Keybase.io.

I read an article yesterday which seemed to imply that Twitter was mangling PGP encrypted messages (albeit unintentionally).

There is a minor bug in Twitter's web interface - but PGP seems to work perfectly in apps. So, I want to demonstrate how it can be done successfully.

I've written this article with a non-technical audience in mind - feel free to point out any areas where I can make my explanations more simple.

Get My Public Key

Suppose you want to send me a message - but you are worried about the contents being seen by someone else. If you encrypt the message to me, only I will be able to read it. In order to encrypt, you need to know my Public Key. This is a digital lock which only I can open.

The website Keybase.io contains a list of people's public keys. You can visit Keybase.io/edent to see mine.

edent keybase-fs8

Encrypt The Message

Keybase gives you the option of encrypting a message to me. Just type what you want to send and hit the "Encrypt" button.
edent encrypt keybase-fs8

Hey presto! A big blob of text which can only be decrypted by me.

edent keybase encrypted text-fs8

Send The Message

It's as simple as copying the entire block of encrypted text and pasting it into a Twitter Direct Message.
edent Twitter pgp-fs8

Ok! Stop! There is a minor problem here. In order for PGP encrypted messages to work, it is important that they are not altered in any way. A rogue space, or missed character, will render the message completed undecipherable.

Some Twitter clients will "helpfully" remove line breaks. A proper PGP message should look like this:

-----BEGIN PGP MESSAGE-----
Version: Keybase OpenPGP v2.0.43
Comment: https://keybase.io/crypto

wcFMAz8xGBvPCGIHAQ//aaPuyglRhwo0hzeVuyDC8pgIGyS7f5oyp99wMRsIh8G0
i6kuo9+dPVNJ+gGLC2B5eMuoYE0Bjv/2YfBkxaJ6HTacniUEgD9x7OxNnQY2PCyi

Not like this:

-----BEGIN PGP MESSAGE----- Version: Keybase OpenPGP v2.0.43 Comment: https://keybase.io/crypto  wcFMAz8xGBvPCGIHAQ//aaPuyglRhwo0hzeVuyDC8pgIGyS7f5oyp99wMRsIh8G0 i6kuo9+dPVNJ+gGLC2B5eMuoYE0Bjv/2YfBkxaJ6HTacniUEgD9x7OxNnQY2PCyi

The Twitter website preserve newlines when you send a message - make sure that your app also does so.

A Word About Message Length

Twitter touts DMs as being "unlimited" - in reality, there's a limit of 10,000 characters. PGP is a relatively efficient way of encrypting text so, depending on your message, you can fit around 9,000 plain text characters into a 10,000 character encrypted message.

In addition, you may only send up to 1,000 Direct Messages per day.

So, no DMing Harry Potter length novels!

Decrypting

Ok, this is where it gets a bit more technical.

It should be fairly easy to decrypt a message that you have been sent - but it will depend on your Twitter client.

When copying from a browser, it is possible that newlines will not be preserved - this may cause your decryption app to think that the message is corrupted.

This is a bug with Twitter's web and mobile-web sites. I've reported it to them. I think they should be encoding \n as <br/> to facilitate copying and pasting.
Twitter PGP no linebreaks-fs8

I've found that copying from apps (on Android) preserves all the line breaks and keeps the formatting intact.

OpenKeyChain-fs8On Android, I use OpenKeyChain. I copy the message from my Twitter client and OpenKeyChain can decrypt directly from my phone's clipboard.

You can also use Keybase to host your private key and decrypt messages in the browser. This is at your own risk.

That's really all there is to it. I've successfully exchanged encrypted messages with several people. The only problems have occurred when trying to copy the message from the Twitter web interface - when using apps everything has been fine.

Obviously, this isn't a fully automated solution (yet!) it would be great if Keybase allowed users to send encrypted DMs directly from its site - or if apps could start offering this natively.

Colin Mahns has written an excellent tutorial for how to integrate OTR (a different encryption protocol) into messaging apps which can work with Twitter.

But, for now, if you want to encrypt a message to me, you can successfully do so using nothing other than a web-browser and a Twitter account.

Have fun!


Update!
It's possible to send encrypted DMs directly from a website or the command line.

Using Twitter Web Intents it's possible to send a Direct Message. If your message starts D edent it will be converted into a DM to me.

So, if we URL Encode the message we want to send:

https://twitter.com/intent/tweet?text=D%20edent%20testing

We can pre-populate the compose window with the DM.

Long DM PGP-fs8

It looks like the message is too long - but the "Tweet" button works and it will be sent to the user:

Long DM PGP Inbox-fs8

Hopefully Twitter will one day make it slightly easier - but for now, at least it works!

One thought on “PGP Encrypt Twitter DMs with Keybase

Leave a Reply

Your email address will not be published. Required fields are marked *