Rudimentary steganography using bcrypt and pynacl
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


A steganography python script for encrypting/hiding a zipfile within a image file. Uses bcrypt for the password key deriviation function and PyNaCl for the secret-key cryptography.

How to hide a file

To hide and encrypt a zipfile:

python -i batman.gif -a

You'll be asked for a password and then you're done. If it blows up, it didn't work.

How to unhide a file

To unhide and decrypt a zipfile:

python -u batman.gif -d

Optional -d flag decompresses the archive to same dir as the image file.


I didn't attempt to invent my own cryptography, so Hide is built using the excellent and cryptographically sound bcrypt and PyNaCl libraries. Don't roll your own crypto.

The actual steganography part of this script is rudimentary, so although the crypto is secure, the hidden archive file is easily detectable by someone with decent CS knowledge. That means they can't open the file, but they might know it exists.


Tests pass python -m unittest tests.test_hide


Requires bcrypt and PyNaCl, which you can pip install.


Uses the MIT license


  • Find a better way to write the data to the image. I think doing bytecounts and using those as a flag at the end of the file would be a more robust way to do it, but I'm not 100% certain. Something like image.write(encrypted_file + salt + len(encrypted_file) + len(salt)), but then I don't know how many bytes to count when decrypting it.
  • Maybe add the zip compression directly into the script?
  • Make the filepaths more flexible
  • Make a copy of the original image rather than editing in place?
  • Add it to PyPI