3 Ways to Hide Confidential Data Inside Images in Linux

If you have a highly confidential data that you need to share with your friends, how would you send the file across without compromising on its security? You could probably set up a passphrase, or even encrypt the file. What if you could embed the message in an image and send the encrypted image over? The image will look exactly the same as the original and it will special tool and passphrase to extract the embedded message. This form of data encryption is known as Steganography. Here are 3 tools that allow you to do so in Linux.

Steghide is a command line tool that allows you to embed files inside an image or audio file. In Ubuntu, you can click here to install, or install it with the command:

sudo apt-get install steghide

For rpm-based distro, you can download the rpm package from its Sourceforge site.

The usage is simple:

steghide embed -cf picture.jpg -ef secret.txt

For embedding data, you will use the steghide command with the “embed” option. The supported file formats must be of the following: AU, BMP, JPEG or WAV.

steghide before and after encryption

To extract, you will have to use the “extract” option:

steghide extract -sf picture.jpg

steghide-extract-data

There are several more options that you can use with steghide. Refer to its manual for the full documentation.

If you a more user-friendly of encrypting message in images, Steg will be the one for you. Steg comes with an easy to use GUI and is suitable for the average joe.

There is no installation required. Simply download the build (32 bit or 64 bit) from its website, extract the file and run the “steg” application.

steg-window

First, you import in an image that you want to add data to. It will show the image on both the left and right panel so you can see the changes in real-time.

steg-import-image

Click the “Hide Data” icon and select the file that you want to embed in the image.

Lastly, click “Save” to save the encrypted image. Note that it only supports saving to .tif and .png format. If you import in a .jpg file, you can only save in tif or png format.

The good thing about Steg is that there are several encryption methods that you can configure.

  • Auto: The data will be encrypted but no PassPhrase or keys will be required to extract data.
  • Symmetric: when you hide data, data will be encrypted with the provided PassPhrase and the same PassPhrase is required to extract.
  • Asymmetric unsigned: when you want to hide data (you are the sender) only the receiver’s public key is required. When you want to extract data (you are the receiver) only your private key is required.
  • Asymmetric signed: when you want to hide data (you are the sender) the receiver’s public key and your private key are required. When you want to extract data (you are the receiver) only your private key is required but the sender’s public key is requested. If you don’t provide the sender’s public key, at the end of the the extraction process, you will be warned that the sender identity is not verified. If you provide the sender’s public key you will be informed if sign verification is succeeded.

steg-configuration

Outguess is yet another command line-based steganography tool. OutGuess extracts the redundant bits from the image, modifies them and rewrite them back to the original position. In this case, the steganographic content cannot be easily detected in the image.

Installation of OutGuess in Ubuntu is very easy. You can click here to install, or type in the terminal:

sudo apt-get install outguess

To use Outguess to encrypt content, you use the command:

outguess -d secret.txt picture.jpg picture-output.jpg

The “-d” flag refers to the data file you want to embed in the picture. Alternatively, you can also add a message by using the “-k” flag.

outguess -k 'secret message' -d secret.txt picture.jpg picture-output.jpg

As you can see from the screenshot below, Outguess will first extract the redundant (usable) bits from the image, embed the data in and place it back to the image. Lastly, it will check the statistics and make sure it is corrected to the same as before. Anyone that uses statistical correction to check for encrypted content will fail to it in this case.

outguess-embedding-process

To extract the data, you use the command:

 outguess -k "my secret key" -r picture.jpg secret.txt

All the apps above allow you to embed confidential file to an image. If you prefer a user-friendly interface, use Steg. If you prefer to use audio files rather than images, use steghide.

What other apps do you use to embed files inside images?