1steghide(1) General Commands Manual steghide(1)
2
6 steghide - a steganography program
7
9 steghide command [ arguments ]
10
12 Steghide is a steganography program that is able to hide data in vari‐
13 ous kinds of image- and audio-files. The color- respectivly sample-fre‐
14 quencies are not changed thus making the embedding resistant against
15 first-order statistical tests.
16 Features include the compression of the embedded data, encryption of
18 the embedded data and automatic integrity checking using a checksum.
19 The JPEG, BMP, WAV and AU file formats are supported for use as cover
20 file. There are no restrictions on the format of the secret data.
21 Steghide uses a graph-theoretic approach to steganography. You do not
23 need to know anything about graph theory to use steghide and you can
24 safely skip the rest of this paragraph if you are not interested in the
25 technical details. The embedding algorithm roughly works as follows: At
26 first, the secret data is compressed and encrypted. Then a sequence of
27 postions of pixels in the cover file is created based on a pseudo-ran‐
28 dom number generator initialized with the passphrase (the secret data
29 will be embedded in the pixels at these positions). Of these positions
30 those that do not need to be changed (because they already contain the
31 correct value by chance) are sorted out. Then a graph-theoretic match‐
32 ing algorithm finds pairs of positions such that exchanging their val‐
33 ues has the effect of embedding the corresponding part of the secret
34 data. If the algorithm cannot find any more such pairs all exchanges
35 are actually performed. The pixels at the remaining positions (the
36 positions that are not part of such a pair) are also modified to con‐
37 tain the embedded data (but this is done by overwriting them, not by
38 exchanging them with other pixels). The fact that (most of) the embed‐
39 ding is done by exchanging pixel values implies that the first-order
40 statistics (i.e. the number of times a color occurs in the picture) is
41 not changed. For audio files the algorithm is the same, except that
42 audio samples are used instead of pixels.
43 The default encryption algorithm is Rijndael with a key size of 128
45 bits (which is AES - the advanced encryption standard) in the cipher
46 block chaining mode. If you do not trust this combination for whatever
47 reason feel free to choose another algorithm/mode combination (informa‐
48 tion about all possible algorithms and modes is displayed by the enc‐
49 info command). The checksum is calculated using the CRC32 algorithm.
50
53 In this section the commands for steghide are listed. The first argu‐
54 ment must always be one of these commands. You can supply additional
55 arguments to the embed, extract and info commands. The other commands
56 to not take any arguments.
57 embed, --embed
59 Embed secret data in a cover file thereby creating a stego file.
60 extract, --extract
62 Extract secret data from a stego file.
63 info, --info
65 Display information about a cover or stego file.
66 encinfo, --encinfo
68 Display a list of encryption algorithms and modes that can be
69 used. No arguments required.
70 version, --version
72 Display short version information. No arguments required.
73 license, --license
75 Display steghide's license. No arguments required.
76 help, --help
78 Display a help screen. No arguments required.
79
82 You should use the embed command if you want to embed secret data in a
83 cover file. The following arguments can be used with the embed command:
84 -ef, --embedfile filename
87 Specify the file that will be embedded (the file that contains
88 the secret message). Note that steghide embeds the original file
89 name in the stego file. When extracting data (see below) the
90 default behaviour is to save the embedded file into the current
91 directory under its original name. If this argument is omitted
92 or filename is -, steghide will read the secret data from stan‐
93 dard input.
94 -cf, --coverfile filename
97 Specify the cover file that will be used to embed data. The
98 cover file must be in one of the following formats: AU, BMP,
99 JPEG or WAV. The file-format will be detected automatically
100 based on header information (the extension is not relevant). If
101 this argument is omitted or filename is -, steghide will read
102 the cover file from standard input.
103 -sf, --stegofile filename
106 Specify the name for the stego file that will be created. If
107 this argument is omitted when calling steghide with the embed
108 command, then the modifications to embed the secret data will be
109 made directly to the cover file without saving it under a new
110 name.
111 -e, --encryption algo [ mode ] | mode [ algo ]
114 Specify encryption parameters. This option must be followed by
115 one or two strings that identify an encryption algorithm and/or
116 mode. You can get the names of all available algorithms and sup‐
117 ported modes with the encinfo command. The default encryption is
118 rijndael-128 (AES) in the cbc mode. If you do not want to use
119 any encryption, use -e none.
120 -z, --compress level
123 Specify the compression level. The compression level can be any
124 number in 1...9 where 1 means best speed and 9 means best com‐
125 pression.
126 -Z, --dontcompress
129 Do not compress the secret data before embedding it.
130 -K, --nochecksum
133 Do not embed a CRC32 checksum. You can use this if the secret
134 data already contains some type of checksum or if you do not
135 want to embed those extra 32 bits needed for the checksum.
136 -N, --dontembedname
139 Do not embed the file name of the secret file. If this option is
140 used, the extractor needs to specify a filename to tell steghide
141 where to write the embedded data.
142
145 If you have received a file that contains a message that has been
146 embedded with steghide, use the extract command to extract it. The fol‐
147 lowing arguments can be used with this command.
148 -sf, --stegofile filename
151 Specify the stego file (the file that contains embedded data).
152 If this argument is omitted or filename is -, steghide will read
153 a stego file from standard input.
154 -xf, --extractfile filename
157 Create a file with the name filename and write the data that is
158 embedded in the stego file to it. This option overrides the
159 filename that is embedded int the stego file. If this argument
160 is omitted, the embedded data will be saved to the current
161 directory under its original name.
162
165 You can use the info command to get some information about a cover or
166 stego file (for example the capacity). You might want to use this if
167 you have received a file and you are not sure if it contains an embed‐
168 ded message or if you consider using a certain file as cover file and
169 want to find out its capacity.
170 The command line steghide info <filename> will print information about
172 <filename> and then ask you if you would like to get information about
173 data that is embedded in that file. If you answer with yes you have to
174 supply the passphrase that was used to embed the data in that file.
175 You can also supply the -p, --passphrase argument (see below) to the
177 info command which has the effect that steghide will automatically try
178 to get information about the data that has been embedded using the
179 given passphrase.
180
183 The following options can be used with all commands (where it makes
184 sense).
185 -p, --passphrase
188 Use the string following this argument as the passphrase. If
189 your passphrase contains whitespace, you have to enclose it in
190 quotes, for example: -p "a very long passphrase".
191 -v, --verbose
194 Display detailed information about the status of the embedding
195 or extracting process.
196 -q, --quiet
199 Supress information messages.
200 -f, --force
203 Always overwrite existing files.
204
207 All file name arguments (-cf, -ef, -sf, -xf) also accept - as a file‐
208 name which makes steghide use standard input or standard output (which‐
209 ever makes sense). Omitting the corresponding file name argument will
210 have the same effect as using - with two exceptions: If -sf is omitted
211 for the embed command, then the modifications will be done directly in
212 the cover file. If -xf is omitted for extraction, then the embedded
213 data will be saved under the file name that is embedded in the stego
214 file. So when you want to be sure that standard input/output is used,
215 use - as filename.
216
219 The basic usage is as follows:
220 $ steghide embed -cf picture.jpg -ef secret.txt
222 Enter passphrase:
223 Re-Enter passphrase:
224 embedding "secret.txt" in "picture.jpg"... done
225 This command will embed the file secret.txt in the cover file pic‐
227 ture.jpg.
228 After you have embedded your secret data as shown above you can send
230 the file picture.jpg to the person who should receive the secret mes‐
231 sage. The receiver has to use steghide in the following way:
232 $ steghide extract -sf picture.jpg
234 Enter passphrase:
235 wrote extracted data to "secret.txt".
236 If the supplied passphrase is correct, the contents of the original
238 file secret.txt will be extracted from the stego file picture.jpg and
239 saved in the current directory.
240 If you have received a file that contains embedded data and you want to
242 get some information about it before extracting it, use the info com‐
243 mand:
244 $ steghide info received_file.wav
246 "received_file.wav":
247 format: wave audio, PCM encoding
248 capacity: 3.5 KB
249 Try to get information about embedded data ? (y/n) y
250 Enter passphrase:
251 embedded file "secret.txt":
252 size: 1.6 KB
253 encrypted: rijndael-128, cbc
254 compressed: yes
255 After printing some general information about the stego file (format,
257 capacity) you will be asked if steghide should try to get information
258 about the embedded data. If you answer with yes you have to supply a
259 passphrase. Steghide will then try to extract the embedded data with
260 that passphrase and - if it succeeds - print some information about it.
261
264 Steghide returns 0 on success and 1 if a failure occured and it had to
265 terminate before completion of the requested operation. Warnings do not
266 have an effect on the return value.
267
270 Stefan Hetzl <shetzl@chello.at>
271 13 Oct 2003 steghide(1)