Rudimentary steganography using bcrypt and pynacl
Python
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
hide
tests
.gitignore
LICENSE
README.md
__init__.py
requirements.txt

README.md

Hide

A steganography python script for encrypting/hiding a zipfile within a image file. Uses bcrypt for the password key deriviation function and PyNaCl for the secret-key cryptography.

How to hide a file

To hide and encrypt a zipfile:

python hide.py -i batman.gif -a zip_archive.zip

You'll be asked for a password and then you're done. If it blows up, it didn't work.

How to unhide a file

To unhide and decrypt a zipfile:

python hide.py -u batman.gif -d

Optional -d flag decompresses the archive to same dir as the image file.

Caveats

I didn't attempt to invent my own cryptography, so Hide is built using the excellent and cryptographically sound bcrypt and PyNaCl libraries. Don't roll your own crypto.

The actual steganography part of this script is rudimentary, so although the crypto is secure, the hidden archive file is easily detectable by someone with decent CS knowledge. That means they can't open the file, but they might know it exists.

Tests

Tests pass python -m unittest tests.test_hide

Requirements

Requires bcrypt and PyNaCl, which you can pip install.

License

Uses the MIT license

TODO

  • Find a better way to write the data to the image. I think doing bytecounts and using those as a flag at the end of the file would be a more robust way to do it, but I'm not 100% certain. Something like image.write(encrypted_file + salt + len(encrypted_file) + len(salt)), but then I don't know how many bytes to count when decrypting it.
  • Maybe add the zip compression directly into the script?
  • Make the filepaths more flexible
  • Make a copy of the original image rather than editing in place?
  • Add it to PyPI