Steganography is a powerful instrument to hide the fact of hiding and avoiding suspicion from/on part of the spying bodies. Also it will let more users learn about steganography because some of them have never heard about it.
What about implementing a double encryption feature with steganography included?
I have already checked the following commands and they work nice. You can develop them further and put a shortcut to menu or smth.
The commands:
Encrypt the file1.anyextension and hide it in file2.jpgorwav with creation of the newresultingfile.jpgorwav (file2.jpgorwav remains in the original state without the embedded file):
openssl enc -aes-256-cbc -in file1.anyextension | steghide embed -z 9 -N -e rijndael-256 -p yourpassword -cf file2.jpgorwav -ef - -sf newresultingfile.jpgorwav
Extract the embedded file and decrypt it:
steghide extract -p yourpassword -sf newresultingfile.jpgorwav -xf - | openssl enc -aes-256-cbc -d > anyfilename.theknownextension
Attention! The receiver should know the extension of the hidden file and both passwords: one for ssl and one for stegide.
Actually you get a triple encryption when using GPG-based mail. Also you may change AES by other encryption algorithms.
Using this method you get double AES-256 encryption which is believed to be free of backdoors currently. If you distrust steghide software you still are protected with openssl.
Why i think this method is valuable it is because it’s quite difficult for most people to figure out how to use GPG/PGP in thunderbird, icedove. Many people do not understand the difference between MIME PGP and inline encryption. While trying to teach other people to use them I saw them making deadly mistakes all the time like sending files with inline encryption where only text was encrypted.
But with the proposed method u just need to have one wav or jpg file and use it as a container. Of course the person may write the email text in a text file and use this method to hide the text.
The obtained benefits:
- Enigmail is not even needed.
- You may use email servers not supporting GPG/PGP.
- You may send stegofiles from any other computer (or from the host OS) without need to use TOR and without need to hide.
What do u think about it?