PassLok Image Steganography

© F. Ruiz 2018

       

   

    Show Pwd.    Compressed    Smart Pwd.





Welcome to PassLok Image Steganography


   For help on how to do things, click on each title.


What is PassLok Image Steganography?

PassLok Image Steganography encrypts text, images, and files, and hides them inside the data of jpeg or png images. If you supply a Password, it becomes extremely difficult even to detect that there is anything contained in that image. Only those possessing the same Password can retrieve the contents.

This program uses the image hiding functions of PassLok Privacy and PassLok for Email (both available from https://passlok.com) but is a standalone encryption program on its own right. Its output is not compatible with those programs because the encryption engine is different.

PassLok Image Steganography runs on a browser and is platform-independent. It has difficulty running on iOS, however, because of bugs in the jpeg-encoding libraries.

Ths program is still in experimental phase, as it has not yet been duly vetted by experts. Bear this in mind before entrusting sensitive information to it.

If you want more capability, you may want to try the full PassLok Privacy, from https://passlok.com/app, which is capable of asymmetric encryption (you don't give your Password to anyone) plus signatures and secret splitting. There is also PassLok for Email, available for Chrome and Firefox, which integrates with popular webmail services.


How do I use the program?

To hide text or data, just type what you want to hide in the big box (you can also load images and files with the buttons on the right side of the toolbar), and the Password in the top box (optional but highly recommended), load a cover image with the big button, and click either Hide into PNG or Hide into JPG. The original format of the image does not matter. Save the resulting message-containing image, which will still look very much like the original, by right-clicking on it and choosing Save Image As...

To reveal the hidden contents, load the image with the big button and type in the optional Password, then click Reveal. If successful, the hidden message or data will appear in the big box.

You'll be able to store more text if you leave the Compressed check on. If you check Smart Pwd., computations will be added for weak passwords, thus increasing overall security. The state of these checkboxes must be the same for encryption and decryption.

The program will run from a saved file, so you don't have to be online in order to use it.

It is possible to add a second message, encrypted under a different password. To do this, write a vertical bar "|" after the main pasword in the password box, then the password for the second message, then another bar, and finally the second message. To reveal it, write the main password, and then a bar and the second message password. If successful, the second message will appear in the space above the image.


Can I encrypt files and images?

You have two choices:

1. Encrypt the files using AES with a utility such as 7-zip (Windows), Keka (OSX), or p7zip (Linux), then encrypt the encryption password into an image, and attach both image and encrypted archive to your email.

2. You can also load files using the button at the right end of the formatting toolbar, which will load each file as a link, and then encrypt them as a regular message. If the file loaded is text, it will load as text rather than as a link. After decryption, the recipient can save each file by right-clicking it and selecting "Save Link as..."

Images can be loaded as described above or directly as image, by clicking the image icon on the rich text toolbar, and are hidden just like text.


Keyboard shortcuts

The main functions can be accessed directly from the keyboard. The button tooltips tell you what the shortcut is for each button that has a shortcut, but below is a list just in case:


Privacy Statement and Warrant Canary

PassLok Image Steganography is a self-contained piece of code that does not rely on servers to do its job. Therefore:

1. We cannot give your Password to anyone (not even yourself) because we don't have it.

2. We cannot give your private data to anyone because the app does not send anything out of your device, either. When you download the app from the web server, you get only the code, without any cookies, plugins, or anything of that sort.

4. We will never weaken the cryptography methods contained within the program at the request of a third party, private or public. This also means no backdoors will ever be added. We would rather shut down the project than be forced to do this, which would betray the very essence of our efforts. If we learn that a counterfeit version of the program is circulating, whether placed by hackers or government agencies, we will make the fact known to users.

Notice: Since this program is distributed as a piece of human-readable code, we consider it an expression of free speech protected by the laws of many countries. Putting into circulation tampered versions of the program, whether by individuals or public entities, violates free speech and copyright protection laws.

PassLok Image Steganography contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using it.

This paragraph and the canary logo above attest to the fact that, up until the release of version 1.0.1 (September 2018) we have not received any requests under gag order for user data or modifications of the code. This paragraph will be periodically updated as this situation continues.


PassLok Image Steganography 1.0.1 © F. Ruiz 2018
This document may be used, modified or redistributed under GNU GPL license, version 3.0 or higher.