Stealth and Steganography
MacPGP2.6.3 has a new feature: stealth. If you choose "Stealthify" in the
File menu, and then choose a previously encrypted PGP file, all PGP related
headers and identifiers will be stripped off. The resulting file cannot be distinguished,
even by sophisticated analysis, from random garbage. The data in this file can then
be merged into a graphics or audio file completely hiding the existence of this encrypted
The above graphic "A View of Mars from Phobos" looks entirely innocent. However it is
hiding a PGP encrypted message. To extract this message proceed as follows:
- Download this graphic and save it as a "gif" file, say "mars.gif".
- Use the program Graphic Converter
to convert "mars.gif" file into a "pict" file, "mars.pict"
- Run the Stego program to "unsteg" the pict file
- Copy this PGP secret key: Demonstration Key (384)
to the Clipboard and run MacPGP (Open/Decrypt) on it. You will be asked if you want
to add it to your secret keyring - say yes. This secret key has no password protecting
it, so whenever you are asked for the passphrase just hit the OK button.
- Now choose "Destealthify" from the File menu and then choose "mars.pict.out".
In the following dialog choose "Convert to public key message encrypted to:" and then
choose "Demonstration Key (384)". MacPGP will now decrypt the file and verify
You might also try this procedure on the background image for the MacPGP 2.6.3 Home Page.
Links to Related Sites
Steganography Info and Archive
- The most comprehensive site on the worldwide web for steganography related resources.
Romana Machado's Stego Page
- Check here for updates to the Stego program referred to above. Romana is now working on a platform
independent Java version of Stego which will process GIFs directly.
Adam Back's PGP Stealth Page
- This page contains documentation and source code for Stealth v. 2, which you may use to
build compatible Stealth programs for other platforms. (Adam's web site also contains the
famous RSA in 3 lines of Perl, an amusing demonstration of the futility of export restrictions
of cryptographic software.)