Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
img
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 

speaking-jpg

A simple tool to hide encrypted text messages inside jpeg images.

Why?

I stumbled upon a comment on Hackernews the other day. A secure messaging app that used Tor just passed a security audit and the commenter argued that while this would be safe, once your phone is seized by authorities your use of Tor for messaging would stick out like a sore thumb.

So why not use something way less conspicuous? Speaking-jpg allows you to embed messages in normal jpeg images that can be uploaded and shared via email or social media. Only if the counterparty knows that a message is contained AND has the same key they can retrieve and decrypt the message.

Installation:

npm install speaking-jpg -g

Usage

Embed a message into a jpg

speaking-jpg create
    --in=path/to/img.jpg
    --out=path/to/manipulatedimg.jpg
    --msg="message you want to embed"
    --key="encryptionpassword"

Read a message from a jpg

speaking-jpg read
    --in=path/to/img.jpg
    --key="encryptionpassword"

Limitations

  • Max message length is 65,000 bytes (Sixty-Five-Thousand)
  • Image processing (e.g. resizing upon upload) might strip out the comment.

How does it work?

speaking jpg embeds a comment byte marker into the jpg's meta data section, followed by the total length and a random byte series to identify the comment as speaking-jpg one. Image viewers ignore this segment when parsing the file.

The message itself is stored as aes-256-ctr encrypted utf8 bytes.

Example

Before:

img

After:

hello-world

Note how the unedited image will look identical visually to the edited image.

image

About

A nonsense way to hide encrypted text messages inside jpegs

Resources

License

Releases

No releases published

Packages

No packages published