I’m not sure if I’m the first person to do this – but I’m going to claim credit anyway!
Hello! This Tweet has been signed with my PGP Key. pic.twitter.com/ed4rcldlvw
— Terence Eden (@edent) May 14, 2020
You can verify by pasting the alt text into keybase.io/verify – or by using your favourite command line tool.
Back in 2017, I wondered if Twitter’s alt text could be (ab)used to store message metadata like a PGP signature. Sadly, the limit was 420 characters per image.
At some point in the last few months, Twitter quietly upped the alt text limit to 1,000 characters per image.
So, if you
pgp --sign some text, you can paste the result into the alt text field on Twitter. If I had time, I’d create a Twitter client to do this for you automagically.
I pointed out in 2015 that Twitter Direct Messages were long enough for PGP encrypted messages.
Nowadays, Tweets can contain 280 characters in their body + 4,000 characters of image metadata – that should be more than long enough for a PGP encrypted Tweet.
Of course, due to the “baroque” nature of PGP, there’s a fair chance I’ve messed this up some how!
(NB – alt text is really important for visually impaired users. Please don’t needlessly clutter their timeline with garbage.)