How to embed a secret message using steganography

Steganography is the process of hiding one secret file inside another file so that it is invisible to others. Usually, in the steganography process, the secret message is inside a text file, concealed within images and audio. A secret message is any data the sender wants to conceal from others because the information has some monetary or confidential significance.

Another significance of steganography is that it doesn’t arouse suspicion because, in actuality, the data transferred is concealed. All an individual can see is a form of multimedia that holds no significance. It is often used for privacy, security, and safe communications.

Note: The Encryption process converts the data into a secure cipher text to safeguard its confidentiality. On the other hand, the steganography process hides the existing data within another file without altering the data.

Steganography using steghide

Steghide is an open-source terminal-based digital steganography tool. Steghide uses various encryption techniques to conceal the data within a multimedia. Steghide compresses the secret data, and a pseudorandom number generator initialized by a passphrase generates a sequence of pixels positioned in the cover image. Then, the secret data is embedded in the pixel position generated.

Using the example below, let’s analyze the installation, embedding, and extraction process.

Installation

First, we need to install steghide. It can be done by running the following command in the terminal.

Steghide uses two mechanisms to ensure the security of the transferred secret text. The two methods are as follows:

• Concealment: It hides the secret text within seemingly unsuspicious multimedia files.

• Passphrase: It uses a passphrase to embed and extract data to the multimedia file.

Using the two methods, the secrecy and confidentiality of the hidden message stays intact. The directory structure to process the steghide concealment process is as follows:

• input.png: This is the initial image used as a cover to hide the secret message. The input image used in this example is as follows.

• secret.txt: This is the secret text that is supposed to be concealed within the cover image.

Embedding

To embed the data, navigate to the folder containing both the files, input.png and secret.txt. Run the following command.

Let’s break down the command to understand the process.

• steghide embed: This is the keyword to start the steghide tool and the embedding process.

• -cf: This is the flag to specify the path to the input cover image.

• -ef: This is the flag to specify the path to the secret message file.

• -sf: This is the flag to specify the name of the output file with the concealed data.

• concealed_output.jpg: This is the name of the file in which output is to be stored.

When we run the command, the steghide asks for a passphrase, the secret passphrase, to carry out the embedding and extraction process.

Extraction

The extraction process occurs at the receiver side. It is sent to the receiver once the data is embedded and concealed. The receiver must know the passphrase to extract the concealed information within the cover image. If, by any chance, the unauthorized person gets a hold of the image and is suspicious, the secret message still can't be displayed unless the passphrase is known.

To extract the information, we use the following command.

Let’s break the command to understand its flags and files better.

• steghide extract: This is the keyword to start the steghide tool and the extraction process.

• -sf: This is the flag to specify the path of the output file with the concealed data.

• concealed_output.jpg: This is the file that contains embedded information.

• -xf: This is the flag to specify the file path to extract the message.

• extracted_message.txt: This is the file that will have the extracted secret message in it.

Once we've extracted the secret message, we can view the secret message by running the following command.

Try it yourself

Let’s practice what we’ve learned in the following command line interface. The directory has input and secret message files to test the process.

Note: You've got to enter an example passphrase to test these commands.