This is demo of Steg (GitHub, npm), steganography library that allows to encrypt and hide arbitrary data inside png images.
- Encodes data using least significant bits of PNG pixels.
- Only PNGs are supported, JPGs cannot be used - every time you save them, they can get re-encoded and some data would be lost, which is a no-go for steganography
- However, you could feed JPG to the encryption form, and it would be converted to PNG
- Encrypts hidden data and its metadata with AES-GCM-256 + Scrypt. LSB bitsTaken are not encrypted, so it is slightly easier to understand something is hidden inside .png, however, since we are using encryption + padding, it's not trivial to understand what's exactly is inside.
- Experimental. Use at your own risk.
Encrypt file and hide it inside image
Extract file from image and decrypt it
Technical information
Algorithm
- Calculate the capacity of png image at given `bitsTaken` and save it into `capacity`
-
Create a flat byte array structure with 5 fields ABCDE, that represents file and its
metadata:
- A `bytes 0..1` name length, 4GB max
- B `bytes 1..[1+name length]` name, 32 bytes max
- C `bytes B..B+4` file size length, 4GB max
- D `bytes C..[C+file length]` file contents
- E `bytes D..end` padding filled with zeros - zeros are okay, since we encrypt them
-
Encrypt ABCDE under given AES key with AES-GCM-256.
- IV `bytes 0..12` taken from CSPRNG
- ciphertext `bytes 12..(end-16)` encrypted ABCD
- auth tag `bytes end-16..end` GCM authentication tag
The web app
-
We're using Scrypt; with
N=2^19, r=8, p=1andsalt="steg-file" - If CSPRNG is not available, the app would crash
- AES GCM Authentication Tag is calculated and verified properly