steghide

Embed data in a PNG, prompting for a passphrase

$ steghide embed [[-cf|--coverfile]] [path/to/image.png] [[-ef|--embedfile]] [path/to/data.txt]

$ steghide extract [[-sf|--stegofile]] [path/to/sound.wav]

$ steghide info [path/to/file.jpg]

$ steghide embed [[-cf|--coverfile]] [path/to/image.jpg] [[-ef|--embedfile]] [path/to/data.txt] [[-z|--compress]] [9]

$ steghide encinfo

$ steghide embed [[-cf|--coverfile]] [path/to/image.jpg] [[-ef|--embedfile]] [path/to/data.txt] [[-e|--encryption]] [blowfish|...] [cbc|...]

steghide {--embed | --extract | --info | --version | --help} [options]

Examples:
steghide --embed -ef secret.txt -cf cover.jpg
steghide --extract -sf cover.jpg
steghide --info -sf cover.jpg

--embed
    Initiates the process of embedding a secret file into a chosen cover file.

--extract
    Extracts previously embedded data from a specified stego file.

--info
    Displays detailed information about data that has been embedded in a stego file.

-ef <file>
    Specifies the path to the secret file that is to be embedded.

-cf <file>
    Specifies the path to the cover file (e.g., JPG, WAV) into which data will be embedded.

-sf <file>
    Specifies the path to the stego file (the cover file containing embedded data) for extraction or information display.

-p <passphrase>
    Provides the passphrase for encryption during embedding or decryption during extraction. (It is generally safer to omit this option to be prompted interactively, preventing passphrase exposure in shell history.)

-e <type>
    Sets the encryption algorithm to be used (e.g., rijndael-128, blowfish, des).

-z <level>
    Sets the compression level (from 1 to 9, where 9 is maximum compression) for the embedded data.

-f
    Forces overwriting of any existing output files without prompting for confirmation.

-v
    Enables verbose output, displaying more detailed information about the operation's progress.

-q
    Suppresses all output messages, making the operation run quietly.

steghide is a steganography program designed to conceal data within various types of cover files, specifically supporting JPEG, BMP, WAV, and AU formats. It functions by embedding a secret file into the least significant bits (LSB) of the cover file's data, making the presence of the hidden data imperceptible to the human eye or ear. To ensure confidentiality and integrity, steghide encrypts the embedded data using strong algorithms such as Rijndael (AES), DES, and Blowfish, and employs a passphrase for both encryption and decryption. It also integrates checksums (e.g., SHA256, MD5) to verify data integrity upon extraction. The program offers both embedding and extracting functionalities, making it a versatile command-line tool for covert communication or secure data storage. Users can specify the cover file, the data to be hidden, the output file, and various encryption and compression settings.

Steghide's effectiveness depends on several factors. Its capacity is limited by the cover file's size and format; lossless formats like BMP and WAV are generally more robust than lossy JPEG files, where re-compression or editing can easily destroy embedded data. While designed for imperceptibility, advanced stego-analysis techniques can sometimes detect hidden data. The security of the hidden data is entirely dependent on the strength of the chosen passphrase. It is not suitable for robust digital rights management or situations where absolute undetectability against sophisticated adversaries is required.

When using steghide, selecting a suitable cover file is crucial. Lossless formats such as BMP images and WAV audio files are generally more reliable for embedding data than lossy formats like JPEG, as the compression artifacts or re-saving of JPEGs can inadvertently corrupt or destroy the hidden information. For enhanced security, it's advisable to encrypt the data you wish to hide using a strong passphrase, and ideally, encrypt it independently (e.g., with GPG) before embedding it with steghide.

Steghide was initially developed by Stefan Hetzl in the early 2000s as a free and open-source project. It aimed to provide a reliable command-line steganography tool for Linux systems, focusing on common image and audio formats and integrating strong encryption capabilities. Its consistent development and open-source nature have ensured its continued relevance and use within the cybersecurity and privacy communities for covert data embedding and extraction.

outguess(1), mp3stego(1), gpg(1)