‘Steghide’ is a pretty useful tool (steganography program) that lets you encrypt and hide a file inside another file’s content, so it’ll be ‘invisible’ to others (under most situations) thus helping while enhancing the security of your sensitive data.
For example, let’s say you encrypted and attached a text file into an image, then there’s no way that anyone (most users at least) could even suspect, that particular image has a text file, hidden inside. The image will appear to be perfectly normal, anyone can view it etc, yet, the attached text file won’t be visible.
Even if they were able to find that there’s a text or something is attached to it (by using a special tool), because it’s encrypted, unless they know the password, they won’t be able read its content.
This is what ‘Steghide’ basically does. First it compress and then encrypts the file using AES (powerful algorithm) and at the end (after attaching it), verifies the integrity. But it has few limitations that are worth mentioning as well.
1. You can hide any file (anything, video, audio, programs etc) but, the files that are being used for attaching them (called ‘cover files’), are limited to few image and audio formats (JPEG, BMP, AU and WAV).
2. The ‘cover file’ should be bigger than the file that you want to hide. And you cannot create a ‘cover file’ out of thin air, it has to be real.
3. It’s not ideal for hiding huge encrypted files.
For example, it won’t be practical attach a 200MB of data into a JPEG file as the resulting image will be more than 200MB in size. So anyone can easily get suspicious, plus, it’s not gonna be easy to find a JPEG file in such large sizes.
But, because WAV files are known to be pretty big, you can easily hide a reasonable amount of encrypted data using them though.
How does it hide files (simple explanation)?
According to its manual, this is what it does.
If you hide a text file using an image, then after ‘Steghide’ encrypts and compresses the text file, it’ll also ‘convert’ its data to look like it holds data of an image (pixels!). If you use an audio file instead of the image, then it’ll ‘convert’ the text data into ‘audio samples’. That’s how the data becomes ‘invisible’ once gets mixed.
Anyway, if you’re okay with those limitations, you can install it in Ubuntu 12.10 Quantal Quetzal, 12.04 Precise Pangolin, 11.10, 11.04 etc by using the below command.
sudo apt-get install steghide
How to use it?
1. Hiding …
Let’s say that I have a document called ‘secret.odt’ (again, you can hide any file) and want to hide it using an audio file called ‘demo.wav’, then I’ll enter the below command in my Terminal.
steghide embed -cf demo.wav -ef secret.odt
Make sure to replace ‘demo.wav’ and ‘secret.odt’ files with the names and the path of your files. For ease of remembering; ‘-cf’ means the ‘cover file’ (the source file used for hiding) and ‘-ef’ means ‘embed file’ (the real file that you want to hide).
After that, it’ll ask for a password (for the encryption) and the rest is pretty automatic. That’s it, now it’s hidden.
You can also try playing the audio file and you’ll see that it plays perfectly so no one would even suspect anything :).
2. Getting (unhiding) it back …
Unhiding and extracting the hidden file is also pretty easy. To extract the attached ‘secret.odt’ file (above) from the ‘demo.wav’, I’ll use the below command.
steghide extract -sf demo.wav
As you can see, you only have to enter the ‘cover files’ name and then it’ll ask for the password that you entered earlier and the hidden file will be extracted and saved in the save location automatically (as shown in the above screnshot).
3. Checking a file for hidden content …
You can use the below command to check whether a certain file has a secretly attached file in it.
steghide info demo.wav
Again, make sure to replace ‘demo.wav’ with your file’s name.
Well, that’s pretty much how you use ‘Steghide’ :). You can also change the encryption algorithm, compression levels etc as well. For that, please refer to its well written manual by using the below command.
Please remember, nothing can make your data secure 100%, nor does ‘Steghide’ can, but then again, it has its uses. Good luck.