PGP Sign Your Twitter Messages


I'm not sure if I'm the first person to do this - but I'm going to claim credit anyway!

You can verify by pasting the alt text into keybase.io/verify - or by using your favourite command line tool.

Back in 2017, I wondered if Twitter's alt text could be (ab)used to store message metadata like a PGP signature. Sadly, the limit was 420 characters per image.

At some point in the last few months, Twitter quietly upped the alt text limit to 1,000 characters per image.

Twitter's documentation showing the new character limit.

So, if you pgp --sign some text, you can paste the result into the alt text field on Twitter. If I had time, I'd create a Twitter client to do this for you automagically.

I pointed out in 2015 that Twitter Direct Messages were long enough for PGP encrypted messages.

Nowadays, Tweets can contain 280 characters in their body + 4,000 characters of image metadata - that should be more than long enough for a PGP encrypted Tweet.
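For the signing case, here is a sketch of the bookkeeping such a client would need. It is an added example, not code from this post. It assumes the signature is a cleartext-signed block (as produced by `gpg --clearsign`), that a Tweet carries up to four images, and that alt text is stored verbatim; the function names are made up for illustration.

```python
import re

ALT_TEXT_LIMIT = 1000  # per-image limit quoted in the post
MAX_IMAGES = 4         # assumption: four images per tweet (4 x 1,000 = 4,000)

# Constructed sample; the base64 lines are filler, not a real signature.
SAMPLE = "\n".join(
    ["-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA256", "",
     "Signed from my timeline", "- -- a line that began with a dash",
     "-----BEGIN PGP SIGNATURE-----", ""]
    + ["QUJD" * 16] * 7 + ["=AAAA", "-----END PGP SIGNATURE-----"])

CLEARSIGN = re.compile(
    r"-----BEGIN PGP SIGNED MESSAGE-----\n(?:[^\n]+\n)*\n"  # armor headers
    r"(?P<body>.*?)\n"                                      # signed text
    r"-----BEGIN PGP SIGNATURE-----\n.*?-----END PGP SIGNATURE-----",
    re.DOTALL)

def split_for_alt_text(armored, limit=ALT_TEXT_LIMIT, max_images=MAX_IMAGES):
    """Pack whole lines into at most max_images chunks of <= limit chars."""
    chunks, lines, size = [], [], 0
    for line in armored.replace("\r\n", "\n").split("\n"):
        if len(line) > limit:
            raise ValueError("one line is longer than the alt text limit")
        if lines and size + 1 + len(line) > limit:
            chunks.append("\n".join(lines))
            lines, size = [], 0
        size += len(line) + (1 if lines else 0)
        lines.append(line)
    chunks.append("\n".join(lines))
    if len(chunks) > max_images:
        raise ValueError(f"needs {len(chunks)} images, limit is {max_images}")
    return chunks

def signed_text(alt_texts):
    """Rejoin the chunks and return the text the signature covers."""
    match = CLEARSIGN.search("\n".join(alt_texts).replace("\r\n", "\n"))
    if match is None:
        raise ValueError("no complete clearsigned block in the alt text")
    # RFC 4880 dash-escaping: a leading "- " is not part of the signed text.
    return re.sub(r"^- ", "", match.group("body"), flags=re.MULTILINE)

def covers_tweet(tweet_body, alt_texts):
    """True only if the signed text is the visible tweet text.
    The signature itself still has to be checked with gpg or keybase."""
    return signed_text(alt_texts).strip() == tweet_body.strip()
```

The last check matters to anyone verifying: a valid signature only vouches for the text inside the signed block, so it should be compared with what the Tweet actually displays.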

Of course, due to the "baroque" nature of PGP, there's a fair chance I've messed this up somehow!

(NB - alt text is really important for visually impaired users. Please don't needlessly clutter their timeline with garbage.)



3 thoughts on “PGP Sign Your Twitter Messages”

  1. says:

    I’ve seen someone using a screenshot of some code, then embedded the code in the alt text... though I think it would be easier to just link to a gist!

