How to Hide Confidential Files in Images on Ubuntu using Steganography

At times we need to encrypt highly confidential data on our systems in a way that no other person using our system can tell that we have hidden any information. One way of doing this is hiding files and secret messages inside other existing files such as images and audio. This is also pretty helpful when you want to convey a private message or send a file through the network to another person without compromising its security. You can simply embed the confidential data, along with a password or passkey so that only a trusted person can open that file. This type of encryption where you hide one file securely into another is called Steganography.

Why Steganography?

Steganography is preferred over cryptography because, in the later, an adversary will know that something was hidden in a text or file. They can even break the code and get through the information by putting some hard work. In Steganography, however, the third person would not even be aware of the fact that a seemingly harmless looking image or audio file carries a secret message or a file embedded in it.

In this article, we will discuss three methods through which you can encrypt your confidential files into images, both through the Ubuntu UI and the command line.

We have run the commands and procedures mentioned in this article on an Ubuntu 18.04 LTS system. Since we are using the Ubuntu command line, the Terminal application, in order to install the three steganographic utilities; you can open it either through the system Dash or the Ctrl+Alt+T shortcut.

Method 1: Through the Steghide utility (command line)

Steghide is a command line utility that lets you hide confidential data inside various kinds of image and audio files.

Steghide Installation

In order to install the latest version of this tool, open the Ubuntu Terminal and first update your repository index through the following command as sudo:

$ sudo apt update

Now install the steghide utility through the following command:

$ sudo apt-get install steghide

The system will prompt you with a Y/n option to confirm if you want to continue with the installation. Please enter Y and then hit Enter to continue, after which the software will be successfully installed on your system.

File Encryption with steghide

In order to encrypt a confidential file, you need to have the file that you want to encrypt and the image or audio file you want to hide it in. Steghide supports encrypting into AU, BMP, JPEG and WAV file types.

This is the syntax you can use in order to embed a file into a JPEG file:

$ steghide embed -ef confidentialfile.txt -cf image.jpg

We are assuming that the file needs to be encrypted from the current folder to the current folder. In case the initial confidential file is residing somewhere else on your system, you need to provide its complete path. Similarly, if your image file is located somewhere else, you need to specify its complete path through this command.

Example:

$ steghide embed -ef examplefile.txt -cf sample.jpg

The system will ask you for a passphrase required for embedding the confidential file. This passphrase will need to be provided while extracting or decrypting the file. You need to enter this passphrase twice or you can simply hit only Enter in order to encrypt without a passphrase.

In this example, we have embedded a text file into a JPEG file. After the encryption has been done, you can delete your initial confidential file and only keep the image file that will later be used for decryption.

File Extraction

Use the following syntax in order to extract your original confidential file from the image file it was embedded into:

$ steghide extract -sf image.jpg

Example:

$ steghide extract -sf sample.jpg

The system will ask you to provide the passphrase; once you provide the correct passphrase, your confidential file will be extracted from the image file.

Remove/Uninstall

Whenever you want to uninstall the Steghide tool from your system, simply enter the following command as sudo:

$ sudo apt-get remove steghide

Method 2: Through the Outguess utility (command line)

Outguess is also a command line steganographic utility that lets insertion of hidden information into the redundant bits of data sources. The program relies on data specific handlers that will extract redundant bits and write them back after modification. The file formats it currently supports include JPEG, PPM and PNM, although it can use any kind of data, as long as a handler is provided.

Outguess Installation

In order to install the latest version of this tool, open the Ubuntu Terminal and first update your repository index through the following command as sudo:

$ sudo apt update

Now install the Outguess utility through the following command:

$ sudo apt-get install outguess

File Encryption

In order to encrypt a confidential file you, need to have the file you want to encrypt and the image file you want to hide it in.

This is the syntax you can use in order to embed a file into a JPEG file:

$ outguess -d examplefile.txt image.jpg image-output.jpg

The “image-output.jpg” file is the one on which your confidential file will be embedded.

In case you want to specify a secret key that will be used while extracting the file after it has been embedded, use the following syntax:

$ outguess -k “secret key” -d examplefile.txt image.jpg image-output.jpg

Example:

$ outguess -k "secret key" -d examplefile.txt sample.jpg sample-output.jpg

In our example, an output jpg file will be written in our current folder. After the encryption has been done, you can delete your initial confidential file and only keep the output image file that will later be used for decryption.

File Extraction

Use the following syntax in order to extract your original confidential file from the output image file it was embedded into:

$ outguess -r image-output.jpg secret.txt (when no secret key was provided)

$ outguess -k "secret key" -r image-output.jpg secret.txt (when a secret key was specified during encryption)

Example:

$ outguess -k “secret key”-r sample-output.jpg examplefile.txt

After extraction, the Outguess tool also verify statistics to ensure that the original file is exactly as it were before encryption.

Remove/Uninstall

Whenever you want to uninstall the Outguess tool from your system, simply enter the following command as sudo:

$ sudo apt-get remove outguess

Method 3: Through the Stegosuite tool (UI)

The Stegosuite is a graphical, free, and open source steganographic tool written in Java. You can easily use it to hide confidential files in images. You can install this tool through Ubuntu Software Manager or the command line. It supports hiding multiple files and text messages into BMP, GIF, and JPG image files.

Stegosuite Installation

In order to install the latest version of this tool through the command line, open the Ubuntu Terminal and first update your repository index through the following command as sudo:

$ sudo apt update

Now install the Stegosuite utility through the following command:

$ sudo apt-get install stegosuite

Launch Stegosuite

You can launch the UI tool through the command line as follows:

$ stegosuite

You can also launch it through the Ubuntu UI by searching for it through the Dash or directly access it from the Applications listing:

The Stegosuite utility will open in the following view:

File Encryption

In order to encrypt an image file with a confidential file, first, you need to load the image file through the File menu.

Select a file in BMP, GIF, JPG or PNG format from the file browser and then click the OK button. The image file will be loaded in the main Stegosuite window.

You can do the following three tasks through this window:

Enter a secret message along with the file(s) you want to embed.
Right-click and then add a confidential file in the “embedded files” area.
Enter a password that will be used while extracting the embedded files and a secret message, later from the image.

After performing these steps, click the Embed button and a new image file with the name “filename_embed” will be created on your system. Since this name contains the word “embed” you can change this file’s name to something else to make it more confidential. You can also delete the original confidential file from your system if you want.

File Extraction

In this example, my confidential file was embedded in a new jpg file named “sample_embed.jpg” but I changed the name to “example.jpg” later for privacy purposes. In order to extract the original confidential file from the image file it was embedded into, you can right-click the image file from the file browser and select “Open With Other Application” from the menu and then select Stegosuite from the Select Application list as follows:

Or you can open the Stegosuite application and load an embedded image file from the File menu. Once the file is loaded, simply provide the password and click the Extract button after which, the original confidential file will be extracted back to your system.

Remove/Uninstall

Whenever you want to uninstall the Stegosuite utility from your system, you can do so through the Ubuntu Software manager or simply by entering the following command as sudo in your Terminal:

$ sudo apt-get remove stegosuite

Conclusion

Through this article, you have learned the skill of steganography in Linux, used in order to hide or embed your confidential files and messages into image and audio files. If you prefer UI or even if you are a Terminal-savvy person, you can choose a tool from the ones that we described in this article and skill-fully hide any confidential information file on your system to a seemingly irrelevant looking image file.