Hidden Encryption

How to hide encrypted messages in image files, as to not arouse suspicion of encryption use!

PGP has been shown to be unbreakable. However, with the government's increasingly heavy-handed approach, there are some people who are now afraid to use it. Lets say there is a crackdown on free-speech (or just free-dom!). All the authorities have to do, is scan people's e-mails for key words, or in this case, PGP encrypted messages. These encrypted messages are very easily found because PGP will always have a PGP header and footer on any PGP encrypted message. Yes, the message is still encrypted and they cannot know what it contains. However, this arouses suspicion and the next thing they do is start to investigate you. But this problem is solved with the use of Steganography, the art of hiding data in a file. Here is en excerpt from a good Steganography program I am using:

"S-Tools (Steganography Tools) brings you the capability of concealing files within various forms of data. By making subtle alterations to sampled data it is possible to conceal information whilst retaining nearly all the content of the original sample.

Users of S-Tools can opt to encrypt their information using the strongest state-of-the-art encryption algorithms currently known within the academic world, so that even an enemy equipped with a copy of S-Tools cannot be completely sure data is hidden unless he has your secret passphrase.

In short, S-Tools allows you to place private information in an inconspicuous 'envelope' that will not arouse suspicion."

I have made a rough tutorial of how to use this Steganography software in conjunction with PGP. The PGP program is first used to agree on a permanent password for you and your correspondent, that will be used to power the Steganography program. But first, you need to download and install PGP.

When you first get started, you will need to create a "public key".

After the program is installed, you have to reboot the computer. When it boots up again, there will now be an icon on the bottom of the screen shaped like a lock. Right click on it and select, "PGP keys". A box will pop up.

Go to the top and click on "keys". Then select "New Key". Enter your information.

It asks you what type of key you want to be using. RSA has been the "standard", but it's not considered to be as strong, even though no RSA key has ever been broken, to my knowledge.

Now it wants to know what key size to use. You can see there is a message from the main developer of PGP, explaining that very large key sizes are not really needed, as even smaller key sizes have yet to be broken. It's your choice. However, I have heard that if using key sizes larger than 4096, older PGP versions cannot communicate with such keys. So keep this in mind.

After you have generated the key, it asks if you want to upload it to a server. I usually don't do this, as if I want someone to write me using PGP, I will just send them my key by e-mail. This can be done by right-clicking on the key and selecting "copy".

Now the key has been copied onto the clipboard and you just simply right-click and paste it into an e-mail, or post it on your web-site, blog, message forum, etc. You must first trade public keys in order to be able to encrypt letters to those keys. For example, below is my public key. If you click on the lock, then "Current Window", then "Decrypt & Verify" it asks you if you want to import my key onto your key ring. This will be necessary in order to encrypt anything to me. It may be necessary to highlight the key and copy it onto the clipboard, then click on the lock, then select "Clipboard", then "Decrypt & Verify".

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 6.5.8ckt http://www.jtest28.com/OtherDirectory/pgp658ckt08.zip

mQCNA0Hm38AAAAEEAKhp5FoUYvm+ggeM2oa0twmVkYA/IB6me+iDjUWVi67hahv6
s6NcHTftLpWfvQvxznMjCe/WH1wcMK+ZdnCryquvRAM+nlGWuSVv3Yq3HxfqLBwt
HS0fbcUm6xj1lToepxbYcQweWcI7YY3LAHVQzp+rqrEqvK9DaExpgAjyDKbjAAUR
tCBKYW1lcyBNYWRkb3ggPGp0ZXN0MjhAeWFob28uY29tPokAlQMFEEHm38BMaYAI
8gym4wEBKLYD+gKNYoz8NLc6doAWMmV9SKdEpAAmZC+5vUr0JrF6wArUHonqNieU
KZW50iTHWTOFvulJbXOE3sJZSRHiZNCHBkBuxthHgQFrKpS1jqn+lAZhzu4xWGFC
Q5odopO2zAYeXnQN40scJ9h94gLUCCOYQcL4wiexjh4eKQQ64UOVkzrg
=5ikX
-----END PGP PUBLIC KEY BLOCK-----

Now open up a notepad document and type a message. Don't forget to tell the recipient the password that will be used with the Steganography program! When you are ready to encrypt it, click on the PGP icon, go to "Current Window", then "Encrypt".

A key box pops up, letting you decide who the recipients are for this message. You can even select multiple keys.

Drag the key(s) from the top box and release them into the bottom box. Then select "OK". The message, in encrypted form, will now appear where the original message was. Now e-mail this "cypher-text" to them. There are two ways to do this. You can just go to your e-mail and right-click and paste this cypher-text, or you could even paste this cypher-text into a notepad document and save it, then attach this file in an e-mail.

This first PGP encrypted message must be sent to the recipient unhidden, as the recipient does not yet know the password for the Steganography software.

Next, you will need to split two screens, side by side, so you can drag and drop a picture from another folder onto this screen shown above.

Just drag and drop from the right side of the screen, and release the image onto the darker gray section on the left side. Make sure to use a GIF image and not a jpeg/jpg. Actually, it will work on a sound file as well. But those are so large to e-mail.

I like this picture

Use the Windows Explorer to select all the files that you would like to hide and simply drag them over the open picture file that you want to hide them in and let go.

I dragged the text file, 'Messageinabottle' from the window on the right and dropped it onto the pic. Then a box pops up. Here is where you will enter the password that you have agreed on, because without it, the recipient won't even know the image has a hidden file. It is also necessary to agree on the algorithm used. I always use IDEA because it has a long track record.

After you click "OK". It will start the hiding process and shows this status in the lighter gray box. Then the new pic will appear next to the old one.

Now right-click on the new picture (lower right hand corner, in this case) and select, "Save As. . .", and save it to your hard drive. The pic is now ready to be sent in an e-mail, or even placed on a message forum, where no one will know the better.

Decrypting

When the recipient gets the image, he places it into the darker gray section of the screen and right-clicks on the image, then selects, "Reveal".

He has to have the password correct and also the same type of algorithm selected and all of this was agreed upon in that first lone PGP message.

Next a file box appears.

Then just right-click on the filename(s) that is in that box and select, "Save As. . ."

Now you have a file that has passed through the net, unknown to anyone it contained an encrypted message. No suspicion aroused. Now all you have to do is open that file and then left-click on the PGP icon, go to "Current Window", then "Decrypt & Verify".

A window appears with the decrypted PGP message!

As you can tell by the time on my screenshots, I spent a few hours on this tutorial. Hopefully, I will have helped someone use this technology. It seems so many people don't want to spend the time to learn something that can be of such value to them. It is a well known fact that PGP has never been cracked. Yet, even those who are worried about their private lives becoming infiltrated by the government, will not use it. I think now is the time to start becoming more vigilant, but I think it is also good to lay low, hence, the Steganography.