PGP Sign Your Twitter Messages

by @edent | 3 comments | Read ~2,875 times.

I'm not sure if I'm the first person to do this - but I'm going to claim credit anyway!

You can verify by pasting the alt text into - or by using your favourite command line tool.

Back in 2017, I wondered if Twitter's alt text could be (ab)used to store message metadata like a PGP signature. Sadly, the limit was 420 characters per image.

At some point in the last few months, Twitter quietly upped the alt text limit to 1,000 characters per image.

Twitter's documentation showing the new character limit.

So, if you pgp --sign some text, you can paste the result into the alt text field on Twitter. If I had time, I'd create a Twitter client to do this for you automagically.
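An added example, not part of the original post: structural checks a reader could run on pasted alt text before handing it to a PGP tool, assuming it holds an OpenPGP cleartext-signed message (the format `gpg --clearsign` produces). The function names and the sample builder are this example's own, and the sample's signature bytes are constructed placeholders, so the checks cover length, framing and armor checksum only, never authenticity.

```python
import base64
import re

ALT_TEXT_LIMIT = 1000  # per-image alt text limit quoted in the post
CLEARSIGNED = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\n"
    r"(?:Hash: [^\n]+\n)*\n"              # armor headers, then a blank line
    r"(.*?)\n"                            # dash-escaped cleartext
    r"-----BEGIN PGP SIGNATURE-----\n"
    r"(?:[A-Za-z]+: [^\n]*\n)*\n"         # optional Version/Comment headers
    r"([A-Za-z0-9+/=\n]+?)\n"             # base64 signature packet
    r"(?:=([A-Za-z0-9+/]{4})\n)?"         # optional CRC-24 line
    r"-----END PGP SIGNATURE-----\s*\Z", re.DOTALL)

def crc24(data: bytes) -> int:
    """CRC-24 from the OpenPGP ASCII armor format (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def check_alt_text(alt: str, limit: int = ALT_TEXT_LIMIT) -> dict:
    """Structural checks only; a PGP tool must still verify the signature."""
    alt = alt.replace("\r\n", "\n")
    out = {"fits": len(alt) <= limit, "well_formed": False, "crc_ok": None, "text": None}
    m = CLEARSIGNED.match(alt.strip() + "\n")
    if not m:
        return out  # framing lost, e.g. a client collapsed the newlines
    body, b64, crc = m.groups()
    try:
        raw = base64.b64decode(b64.replace("\n", ""), validate=True)
    except ValueError:
        return out  # signature block is not valid base64
    out["well_formed"] = True
    out["text"] = "\n".join(l[2:] if l.startswith("- ") else l for l in body.split("\n"))
    if crc is not None:
        out["crc_ok"] = crc24(raw) == int.from_bytes(base64.b64decode(crc), "big")
    return out

def build_sample(text: str, sig: bytes) -> str:
    """Constructed sample: `sig` is placeholder bytes, not a real signature."""
    crc = base64.b64encode(crc24(sig).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n" + text
            + "\n-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(sig).decode()
            + "\n=" + crc + "\n-----END PGP SIGNATURE-----\n")
```

A `crc_ok` of `None` means the armor carried no checksum line, which is permitted; `False` means the signature block was altered in transit.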

I pointed out in 2015 that Twitter Direct Messages were long enough for PGP encrypted messages.

Nowadays, Tweets can contain 280 characters in their body + 4,000 characters of image metadata - that should be more than long enough for a PGP encrypted Tweet.

Of course, due to the "baroque" nature of PGP, there's a fair chance I've messed this up somehow!

(NB - alt text is really important for visually impaired users. Please don't needlessly clutter their timeline with garbage.)

3 thoughts on “PGP Sign Your Twitter Messages”

  1. Tom says:

    I’ve seen someone using a screenshot of some code, then embedded the code in the alt text... though I think it would be easier to just link to a gist!

  2. George says:

    I think this could have been obtained with the older system if you used a different key type.

    I think different keys yield different PGP signature sizes? For example this is “Hello! This Tweet has been signed with my PGP Key.” signed with an EdDSA 256 key ( which gives a 326 character result:
