1. Steghide
Steghide is a command line tool that allows you to embed files inside an image or audio file. In Ubuntu, you can click here to install, or install it with the command: For rpm-based distro, you can download the rpm package from its Sourceforge site. The usage is simple: For embedding data, you will use the steghide command with the “embed” option. The supported file formats must be of the following: AU, BMP, JPEG or WAV.
To extract, you will have to use the “extract” option:
There are several more options that you can use with steghide. Refer to its manual for the full documentation.
2. Steg
If you a more user-friendly of encrypting message in images, Steg will be the one for you. Steg comes with an easy to use GUI and is suitable for the average joe. There is no installation required. Simply download the build (32 bit or 64 bit) from its website, extract the file and run the “steg” application.
First, you import in an image that you want to add data to. It will show the image on both the left and right panel so you can see the changes in real-time.
Click the “Hide Data” icon and select the file that you want to embed in the image. Lastly, click “Save” to save the encrypted image. Note that it only supports saving to .tif and .png format. If you import in a .jpg file, you can only save in tif or png format. The good thing about Steg is that there are several encryption methods that you can configure.
Auto: The data will be encrypted but no PassPhrase or keys will be required to extract data. Symmetric: when you hide data, data will be encrypted with the provided PassPhrase and the same PassPhrase is required to extract. Asymmetric unsigned: when you want to hide data (you are the sender) only the receiver’s public key is required. When you want to extract data (you are the receiver) only your private key is required. Asymmetric signed: when you want to hide data (you are the sender) the receiver’s public key and your private key are required. When you want to extract data (you are the receiver) only your private key is required but the sender’s public key is requested. If you don’t provide the sender’s public key, at the end of the the extraction process, you will be warned that the sender identity is not verified. If you provide the sender’s public key you will be informed if sign verification is succeeded.
3. OutGuess
Outguess is yet another command line-based steganography tool. OutGuess extracts the redundant bits from the image, modifies them and rewrite them back to the original position. In this case, the steganographic content cannot be easily detected in the image. Installation of OutGuess in Ubuntu is very easy. You can install from the Software Center, or type in the terminal: To use Outguess to encrypt content, you use the command: The “-d” flag refers to the data file you want to embed in the picture. Alternatively, you can also add a message by using the “-k” flag. As you can see from the screenshot below, Outguess will first extract the redundant (usable) bits from the image, embed the data in and place it back to the image. Lastly, it will check the statistics and make sure it is corrected to the same as before. Anyone that uses statistical correction to check for encrypted content will fail to it in this case.
To extract the data, you use the command:
Conclusion
All the apps above allow you to embed confidential file to an image. If you prefer a user-friendly interface, use Steg. If you prefer to use audio files rather than images, use steghide. What other apps do you use to embed files inside images?