stegcrypt
Professional steganography with AEAD encryption and K-of-N threshold split
v1.0.1
Linux
Quick Start
Install via jcli
jcli install stegcrypt
Single carrier
# Hide a file inside one PNG
stegcrypt embed --carrier photo.png --secret notes.txt --out stego.png
# Recover it
stegcrypt extract --in stego.png --out notes.txt
K-of-N threshold split
# Distribute a file across 5 carriers; any 3 of them can reconstruct
stegcrypt embed-split --shares 5 --threshold 3 \
--carrier a.png --carrier b.png --carrier c.png \
--carrier d.png --carrier e.png \
--secret vault.tar.gz --out-dir shares
# Recipient with any 3 of the 5 stego files:
stegcrypt gather --out vault.tar.gz shares/share-00.png shares/share-02.png shares/share-04.png
Defensive use — statistical detection
# Run chi-square + sample-pair tests on a suspect file
stegcrypt detect --in suspect.png
What it does
stegcrypt hides a secret inside one or more carrier files. Encryption is authenticated (any tampering surfaces as a clean failure, not garbage output), and the K-of-N threshold mode means an attacker needs both the password and at least K of N carriers to recover anything.
- Carriers: PNG / BMP (LSB in RGBA pixels) and 16-bit PCM WAV (LSB in audio samples). JPEG is deferred to v1.1 (DCT embedding is a separate engine).
- Cipher: AES-256-GCM (default; hardware-accelerated on modern CPUs) or ChaCha20-Poly1305 via --cipher chacha. Both are AEAD — authenticated and tamper-evident.
- Key derivation: Argon2id with 64 MiB memory cost. Memory-hard, GPU-resistant. The OWASP-recommended KDF for password-protected data.
- Position shuffle: a password-derived ChaCha20 RNG picks non-sequential LSB target positions. Naive "scan the LSB plane" tools find nothing.
- K-of-N split: Shamir's Secret Sharing on the data key (information-theoretically secure) + Reed-Solomon erasure-coded ciphertext. Lose up to N-K carriers and still recover. Each share is itself password-wrapped.
- Self-describing header: the recipient needs only the password — salt, nonce, and KDF parameters travel inside the carrier.
- Detection module: chi-square + sample-pair statistical tests for triage. NOT a guaranteed detector (modern stego evades both), but catches naive LSB embedding.
Subcommands
| Command | What it does |
|---|---|
| embed | Hide a file inside one carrier |
| extract | Recover the secret from one stego carrier |
| embed-split | Distribute across N carriers, any K reconstruct |
| gather | Reconstruct from K-of-N share files |
| capacity | Print the bytes available in a carrier at given LSB depth |
| inspect | Carrier dimensions, channels, and capacity estimates |
| detect | Chi-square + sample-pair statistical stego triage |
| key-new | Generate a long random key file (alternative to a password) |
Security notes
- Passwords are read from --password-file, STEGCRYPT_PASSWORD, or an interactive prompt — never from the command line, because the ps table and shell history both leak literal arguments.
- The Shamir share each carrier holds is itself encrypted under a password-derived key, so capturing K stego files without the password reveals nothing.
- Reed-Solomon parity provides resilience, not confidentiality. The AEAD layer above it is what protects the secret.
- Default settings (LSB 1 bit, shuffle on) produce images that survive naive LSB-plane visualisation and pass chi-square at default thresholds. Higher --lsb-bits trades visibility for capacity.
- Use independent carriers for threshold splits (different photos, not N copies of the same one). Otherwise a steganalyst comparing them detects the structure.
- The chi-square / sample-pair detectors are intentionally conservative — they catch naive LSB embedding but won't see modern stego or stegcrypt's own shuffled output at low utilisation. They are a triage signal, not a verdict.
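The chi-square triage listed under "What it does" and the low-utilisation caveat in the note above, as an added example that is not stegcrypt's own code: a pairs-of-values chi-square test (Westfeld and Pfitzmann) run over a constructed 8-bit sample stream, once untouched, once with 10% of the LSBs overwritten by random bits (what encrypted payload looks like), and once at full utilisation. The `make_cover` bias, the 0.5 flag threshold and the Wilson-Hilferty approximation of the chi-square CDF (used here to avoid a scipy dependency) are assumptions of this example, not stegcrypt settings.

```python
import math
import random

def chi_square_lsb(samples):
    """Pairs-of-values chi-square test on 8-bit samples. LSB replacement with
    random-looking bits equalises the counts of each pair (2i, 2i+1); the
    returned p is close to 1 when the pairs look equalised (embedding likely)."""
    hist = [0] * 256
    for v in samples:
        hist[v & 0xFF] += 1
    chi2, pairs = 0.0, 0
    for i in range(128):
        even, odd = hist[2 * i], hist[2 * i + 1]
        expected = (even + odd) / 2.0
        if expected == 0:
            continue
        chi2 += (even - expected) ** 2 / expected
        pairs += 1
    df = pairs - 1                      # k - 1 degrees of freedom
    if df < 1:
        return chi2, 0, 0.0
    # Wilson-Hilferty normal approximation of the chi-square CDF (no scipy needed)
    k = float(df)
    z = ((chi2 / k) ** (1.0 / 3.0) - (1.0 - 2.0 / (9.0 * k))) / math.sqrt(2.0 / (9.0 * k))
    p = 0.5 * math.erfc(z / math.sqrt(2.0))   # p = 1 - CDF(chi2, df)
    return chi2, df, p

def make_cover(n, seed=1):
    """Constructed cover: odd values are rarer than even ones, a crude stand-in
    for the uneven value pairs an unmodified sensor image shows (assumption)."""
    rng = random.Random(seed)
    return [2 * rng.randrange(128) + (1 if rng.random() < 0.3 else 0) for _ in range(n)]

def lsb_replace(samples, utilisation, seed=2):
    """Overwrite the LSB of a fraction `utilisation` of samples with random bits,
    i.e. what LSB embedding of ciphertext does to a carrier."""
    rng = random.Random(seed)
    return [(v & ~1) | rng.getrandbits(1) if rng.random() < utilisation else v
            for v in samples]

def triage(samples, threshold=0.5):
    """Triage signal only: True means 'worth an analyst's look', not a verdict."""
    chi2, df, p = chi_square_lsb(samples)
    return p >= threshold, chi2, p

if __name__ == "__main__":
    cover = make_cover(20000)
    for util in (0.0, 0.1, 1.0):
        flagged, chi2, p = triage(lsb_replace(cover, util))
        print(f"utilisation={util:.1f} chi2={chi2:8.1f} p={p:.3f} flagged={flagged}")
```

At 10% utilisation the pairs stay far from equal and the test reports p near 0, which is the "won't see ... at low utilisation" limitation in practice; only full sequential overwrite pushes p towards 1.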
Use lawfully. stegcrypt is appropriate for: securely transporting personal data on untrusted networks, distributing recovery secrets across trusted parties, blue-team / DFIR steganalysis, and authorised security research. It is not appropriate for use in jurisdictions that restrict cryptography, or to bypass legal disclosure obligations. Operator responsibility.