Steghide is a command-line steganography tool that hides data in various media files including JPEG, BMP, WAV, and AU with encryption and compression support.
Installation
Linux/Ubuntu
sudo apt update
sudo apt install steghide
macOS
brew install steghide
Verify Installation
steghide --version
steghide --help
Basic Commands
| Command | Description |
|---|
steghide embed -cf cover.jpg -ef secret.txt -sf output.jpg | Embed secret.txt into cover.jpg with password prompt |
steghide extract -sf stego.jpg -xf extracted.txt | Extract hidden data from stego.jpg |
steghide info image.jpg | Display information about potential hidden data |
steghide info image.jpg -p password | Get info with known password |
steghide --version | Show steghide version |
Embedding Data
Basic Embedding
# Embed with interactive password prompt
steghide embed -cf cover.jpg -ef secret.txt -sf output.jpg
# Embed with explicit password (not recommended for security)
steghide embed -cf cover.jpg -ef secret.txt -sf output.jpg -p "MyPassword123"
# Embed BMP image as cover
steghide embed -cf cover.bmp -ef payload.bin -sf output.bmp
# Embed in audio file (WAV)
steghide embed -cf audio.wav -ef secret.txt -sf output.wav -p "pass"
Advanced Embedding Options
# Compress before embedding
steghide embed -cf cover.jpg -ef secret.txt -sf output.jpg -Z
# Specify encryption algorithm (aes256 default)
steghide embed -cf cover.jpg -ef data.bin -sf output.jpg -e aes256
# Disable compression
steghide embed -cf cover.jpg -ef secret.txt -sf output.jpg -Z 0
# Extract with password prompt
steghide extract -sf stego.jpg -xf output.txt
# Extract with provided password
steghide extract -sf stego.jpg -xf output.txt -p "MyPassword123"
# Force overwrite existing file
steghide extract -sf stego.jpg -xf output.txt -f
# Extract from BMP
steghide extract -sf stego.bmp -xf extracted.bin
# Extract from WAV audio
steghide extract -sf stego.wav -xf audio_secret.txt
# Extract to stdout
steghide extract -sf stego.jpg -xf - -p "pass" | cat
| Command | Description |
|---|
steghide info image.jpg | Show file info and hide capacity |
steghide info image.jpg -p password | Get info with correct password |
steghide info stego.jpg -p pass -v | Verbose output of steganographic data |
steghide info *.jpg | Check multiple files for hidden data |
| Format | Type | Notes |
|---|
| JPEG | Image | Most commonly used for steganography |
| BMP | Image | Uncompressed, provides good capacity |
| WAV | Audio | Linear PCM format |
| AU | Audio | Sun audio format |
Cryptography Details
Encryption Methods
# Default AES256 encryption
steghide embed -cf cover.jpg -ef secret.txt -sf output.jpg
# Key derivation: password hashed with MD5 (in older versions)
# Data encrypted in CTR mode for streaming
# Passphrase requirements
# - Minimum 1 character (no minimum enforced, but recommended 10+)
# - Spaces and special characters supported
# - Case sensitive
Common Workflows
Hide a Message in an Image
# Step 1: Create or use existing cover image
# Step 2: Prepare secret file
echo "Classified information" > secret.txt
# Step 3: Embed
steghide embed -cf cover.jpg -ef secret.txt -sf hidden.jpg -p "StrongPass2024"
# Step 4: Transfer hidden.jpg (appears as normal image)
# Step 5: Recipient extracts
steghide extract -sf hidden.jpg -xf recovered.txt -p "StrongPass2024"
Batch Processing Multiple Files
#!/bin/bash
# Hide multiple secrets in different images
for file in secrets/*.txt; do
image=$(basename "$file" .txt).jpg
steghide embed -cf original/"$image" -ef "$file" \
-sf output/hidden_"$image" -p "CommonPass123"
done
# Extract batch
for file in hidden_*.jpg; do
steghide extract -sf "$file" -xf "${file%.jpg}.txt" -p "CommonPass123"
done
Capacity Analysis
# Check how much data can be hidden
steghide info cover.jpg
# Example output:
# Format: JPEG
# Capacity: 5.3 KB
# Used: 0 KB
# Hidden: no
Troubleshooting
Wrong Passphrase
# If extraction fails, verify password first
steghide extract -sf stego.jpg -xf /dev/null -p "WrongPass"
# Error: "Passphrase could not be correctly decrypted"
Insufficient Capacity
# Check capacity before embedding large files
steghide info cover.jpg
# Use compression if capacity is tight
steghide embed -cf cover.jpg -ef large_file.bin -sf output.jpg -Z
# JPEG offers better capacity than BMP
# BMP uncompressed but larger file size
# WAV suitable for audio data hiding
Security Considerations
- Steghide provides encryption but not authentication
- Passwords are the security foundation
- Use strong, random passphrases (20+ characters recommended)
- Steganalysis tools can sometimes detect presence of hidden data
- Combining with additional encryption (GPG) adds security layers
- Clean metadata from files before use as cover media
Examples
Hide and Encrypt Database Backup
# Create encrypted backup
gpg --symmetric --cipher-algo AES256 database.sql
# Embed in image
steghide embed -cf cover.jpg -ef database.sql.gpg -sf backup_hidden.jpg -p "MasterKey2024"
# Extract and decrypt
steghide extract -sf backup_hidden.jpg -xf database.sql.gpg -p "MasterKey2024"
gpg database.sql.gpg
Audio Steganography
# Hide text in WAV file
steghide embed -cf original_audio.wav -ef classified.txt -sf hidden_audio.wav
# Extract
steghide extract -sf hidden_audio.wav -xf recovered.txt -p "pass"
# Audio still plays normally after embedding
