How to hide encrypted messages in image files, as to not arouse suspicion of encryption use!
PGP has been shown to be unbreakable. However, with the government's increasingly heavy-handed approach, there are some people who are now afraid to use it. Lets say there is a crackdown on free-speech (or just free-dom!). All the authorities have to do, is scan people's e-mails for key words, or in this case, PGP encrypted messages. These encrypted messages are very easily found because PGP will always have a PGP header and footer on any PGP encrypted message. Yes, the message is still encrypted and they cannot know what it contains. However, this arouses suspicion and the next thing they do is start to investigate you. But this problem is solved with the use of Steganography, the art of hiding data in a file. Here is en excerpt from a good Steganography program I am using:
"S-Tools (Steganography
Tools) brings you the capability of concealing files within various forms of
data. By making subtle alterations to sampled data it is possible to conceal
information whilst retaining nearly all the content of the original sample.
Users of S-Tools can opt to encrypt their information using the strongest
state-of-the-art encryption algorithms currently known within the academic
world, so that even an enemy equipped with a copy of S-Tools cannot be
completely sure data is hidden unless he has your secret passphrase.
In short, S-Tools allows you to place private information in an inconspicuous
'envelope' that will not arouse suspicion."
I have made a rough tutorial of how to use
this Steganography software in conjunction with PGP. The PGP
program is first used to agree on a permanent password for you
and your correspondent, that will be used to power the
Steganography program. But first, you need to download and install PGP.
When you first get started, you will need to create a
"public key".
After the program is installed, you have to reboot the computer.
When it boots up again, there will now be an icon on the bottom
of the screen shaped like a lock. Right click on it and select,
"PGP keys". A box will pop up.
Go to the top and click on "keys". Then select "New Key". Enter your information.
It asks you what type of key you want to be using. RSA has been the "standard", but it's not considered to be as strong, even though no RSA key has ever been broken, to my knowledge.
Now it wants to know what key size to use. You
can see there is a message from the main developer of PGP,
explaining that very large key sizes are not really needed, as
even smaller key sizes have yet to be broken. It's your choice.
However, I have heard that if using key sizes larger than 4096,
older PGP versions cannot communicate with such keys. So keep
this in mind.
After you have generated the key, it asks if you want to upload
it to a server. I usually don't do this, as if I want someone to
write me using PGP, I will just send them my key by e-mail. This
can be done by right-clicking on the key and selecting
"copy".
Now the key has been copied onto the clipboard and you just simply right-click and paste it into an e-mail, or post it on your web-site, blog, message forum, etc. You must first trade public keys in order to be able to encrypt letters to those keys. For example, below is my public key. If you click on the lock, then "Current Window", then "Decrypt & Verify" it asks you if you want to import my key onto your key ring. This will be necessary in order to encrypt anything to me. It may be necessary to highlight the key and copy it onto the clipboard, then click on the lock, then select "Clipboard", then "Decrypt & Verify".
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 6.5.8ckt http://www.jtest28.com/OtherDirectory/pgp658ckt08.zip mQCNA0Hm38AAAAEEAKhp5FoUYvm+ggeM2oa0twmVkYA/IB6me+iDjUWVi67hahv6 s6NcHTftLpWfvQvxznMjCe/WH1wcMK+ZdnCryquvRAM+nlGWuSVv3Yq3HxfqLBwt HS0fbcUm6xj1lToepxbYcQweWcI7YY3LAHVQzp+rqrEqvK9DaExpgAjyDKbjAAUR tCBKYW1lcyBNYWRkb3ggPGp0ZXN0MjhAeWFob28uY29tPokAlQMFEEHm38BMaYAI 8gym4wEBKLYD+gKNYoz8NLc6doAWMmV9SKdEpAAmZC+5vUr0JrF6wArUHonqNieU KZW50iTHWTOFvulJbXOE3sJZSRHiZNCHBkBuxthHgQFrKpS1jqn+lAZhzu4xWGFC Q5odopO2zAYeXnQN40scJ9h94gLUCCOYQcL4wiexjh4eKQQ64UOVkzrg =5ikX -----END PGP PUBLIC KEY BLOCK-----
Now open up a notepad document and type a message. Don't forget to tell the recipient the password that will be used with the Steganography program! When you are ready to encrypt it, click on the PGP icon, go to "Current Window", then "Encrypt".
A key box pops up, letting you decide who the recipients are for this message. You can even select multiple keys.
Drag the key(s) from the top box and release
them into the bottom box. Then select "OK". The message, in encrypted form, will now appear where the original message was. Now e-mail this "cypher-text" to them. There are two ways to do this. You can just go to your e-mail and right-click and paste this cypher-text, or you could even paste this cypher-text into a notepad document and save it, then attach this file in an e-mail.
This first PGP encrypted message must be sent to the recipient
unhidden, as the recipient does not yet know the password for the
Steganography software.
Next Chapter
Steganography
Next, download the Steganography software and install it. Go to the folder where it is installed at and click on the file, "S-Tools".
Next, you will need to split two screens, side by side, so you can drag and drop a picture from another folder onto this screen shown above.
Just drag and drop from the right side of the screen, and release the image onto the darker gray section on the left side. Make sure to use a GIF image and not a jpeg/jpg. Actually, it will work on a sound file as well. But those are so large to e-mail.
I like this picture
Use the Windows Explorer to select all the files that you would
like to hide and simply drag them over the open picture file that
you want to hide them in and let go.
I dragged the text file, 'Messageinabottle' from the window on the right and dropped it onto the pic. Then a box pops up. Here is where you will enter the password that you have agreed on, because without it, the recipient won't even know the image has a hidden file. It is also necessary to agree on the algorithm used. I always use IDEA because it has a long track record.
After you click "OK". It will start the hiding process and shows this status in the lighter gray box. Then the new pic will appear next to the old one.
Now right-click on the new picture (lower right
hand corner, in this case) and select, "Save As. . .",
and save it to your hard drive. The pic is now ready to be sent
in an e-mail, or even placed on a message forum, where no one
will know the better.
Decrypting
When the recipient gets the image, he places it into the darker gray section of the screen and right-clicks on the image, then selects, "Reveal".
The password box will pop up.
He has to have the password correct and also
the same type of algorithm selected and all of this was agreed
upon in that first lone PGP message.
Next a file box appears.
Then just right-click on the filename(s) that is in that box and select, "Save As. . ."
Now you have a file that has passed through the net, unknown to anyone it contained an encrypted message. No suspicion aroused. Now all you have to do is open that file and then left-click on the PGP icon, go to "Current Window", then "Decrypt & Verify".
A password box appears. Enter the password for your PGP key.
A window appears with the decrypted PGP
message!
As you can tell by the time on my screenshots, I spent a few
hours on this tutorial. Hopefully, I will have helped someone use
this technology. It seems so many people don't want to spend the
time to learn something that can be of such value to them. It is
a well known fact that PGP has never been cracked. Yet, even
those who are worried about their private lives becoming
infiltrated by the government, will not use it. I think now is
the time to start becoming more vigilant, but I think it is also
good to lay low, hence, the Steganography.