PGP Sign Your Twitter Messages
I'm not sure if I'm the first person to do this - but I'm going to claim credit anyway!
You can verify by pasting the alt text into keybase.io/verify - or by using your favourite command line tool.
Back in 2017, I wondered if Twitter's alt text could be (ab)used to store message metadata like a PGP signature. Sadly, the limit was 420 characters per image.
At some point in the last few months, Twitter quietly upped the alt text limit to 1,000 characters per image.
So, if you pgp --sign some text, you can paste the result into the alt text field on Twitter. If I had time, I'd create a Twitter client to do this for you automagically.
I pointed out in 2015 that Twitter Direct Messages were long enough for PGP encrypted messages.
Nowadays, Tweets can contain 280 characters in their body + 4,000 characters of image metadata - that should be more than long enough for a PGP encrypted Tweet.
Of course, due to the "baroque" nature of PGP, there's a fair chance I've messed this up somehow!
(NB - alt text is really important for visually impaired users. Please don't needlessly clutter their timeline with garbage.)
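An added example, not code from the original post: Python that splits an ASCII-armoured signed message across up to four alt text fields at the 1,000 character limit and rebuilds it exactly, since a changed character would stop the signature verifying. The function names are made up for illustration, the sample block is a constructed placeholder and not a real signature, and it assumes the alt text field returns the text as pasted and counts characters the way Python's len() does.

```python
ALT_TEXT_LIMIT = 1000  # characters per image, the limit quoted in the post
MAX_IMAGES = 4         # 4 x 1,000 = the post's 4,000 characters of metadata


def split_for_alt_text(armoured, limit=ALT_TEXT_LIMIT, max_images=MAX_IMAGES):
    """Cut armoured text into chunks of at most `limit` characters.

    Cuts fall only on line boundaries, and "".join(chunks) equals the input,
    so the signed text and the base64 body come back unchanged.
    """
    chunks, current = [], ""
    for line in armoured.splitlines(keepends=True):
        if len(line) > limit:
            raise ValueError("a single line is longer than the alt text limit")
        if len(current) + len(line) > limit:
            chunks.append(current)
            current = ""
        current += line
    if current:
        chunks.append(current)
    if len(chunks) > max_images:
        raise ValueError(f"needs {len(chunks)} images, only {max_images} allowed")
    return chunks


def reassemble(chunks):
    """Join the chunks and check that the armour framing is still complete."""
    text = "".join(chunks)
    lines = text.splitlines()
    if not lines or not lines[0].startswith("-----BEGIN PGP "):
        raise ValueError("missing armour header")
    if not lines[-1].startswith("-----END PGP "):
        raise ValueError("missing armour footer: a chunk was lost or cut short")
    return text


def constructed_sample(body_lines):
    """Constructed placeholder in clearsign layout. NOT a real signature."""
    body = ("A" * 64 + "\n") * body_lines
    return ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n"
            "Hello! This Tweet has been signed with my PGP Key.\n"
            "-----BEGIN PGP SIGNATURE-----\n\n" + body
            + "-----END PGP SIGNATURE-----\n")


if __name__ == "__main__":
    parts = split_for_alt_text(constructed_sample(20))
    print([len(p) for p in parts], reassemble(parts) == constructed_sample(20))
```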
Hacker News said on twitter.com:
PGP Signed Tweets: shkspr.mobi/blog/2020/05/p… Comments: news.ycombinator.com/item?id=231780…
Tom said on twitter.com:
I’ve seen someone using a screenshot of some code, then embedded the code in the alt text... though I think it would be easier to just link to a gist!
George says:
I think this could have been obtained with the older system if you used a different key type.
I think different keys yield different PGP signature sizes? For example, this is “Hello! This Tweet has been signed with my PGP Key.” signed with an EdDSA 256 key (https://fozzie.dev/.well-known/pgp-key.txt) which gives a 326 character result: https://pastebin.com/izcEK4k0