Stegosaurus is a lightweight command-line tool written in C# for securely hiding encrypted messages inside PNG images using LSB (Least Significant Bit) steganography.
It combines strong AES encryption (via PBKDF2-derived keys) with image steganography, making it suitable for sending secret messages disguised inside innocuous-looking image files.
- AES-256 encryption with a password-derived key (PBKDF2 + SHA256)
- LSB steganography using R, G, B channels (alpha is untouched)
- PRNG-controlled encoding Pseudo-random number generator (PRNG) for added entropy based on password hash
- Graceful error handling for corrupt, small, or invalid image files
- PNG-only for now — JPG support would require DCT-based encoding
Stegosaurus is currently in beta because it depends on the beta version of the System.CommandLine package.
dotnet add package Stegosaurus --version 1.0.4-betaOr manually add it to your .csproj file:
<PackageReference Include="Stegosaurus" Version="1.0.4-beta" />dotnet builddotnet run -- encrypt -f image.png -m "Secret message here" -o hidden_output.pngOr enter your password at the command line (not recommended, but convenient for scripting/testing):
dotnet run -- encrypt -f image.png -p yourpassword -m "Secret message" -o hidden_output.pngdotnet run -- decrypt -f hidden_output.png -o secret.txt| Flag | Description | Required |
|---|---|---|
-f, --file |
Path to input PNG file | ✅ |
-m, --message |
Message to hide (encrypt only) | ✅ for encrypt |
-p, --password |
Password for encryption/decryption | ❌ |
-o, --outfile |
Optional output path for result | ❌ |
- Only
.pngfiles are supported. JPEGs use lossy compression, which discards subtle data like LSBs. To hide data in.jpgfiles, you'd need to use DCT-based steganography (Discrete Cosine Transform), which this tool does not support. - During encoding, the alpha (transparency) channel is ignored to avoid visual artifacts. Only the RGB channels are modified, as changes to alpha values are more likely to cause noticeable distortions.
- Image must be large enough to store both prefix and encrypted payload, or an error will be thrown and the program will exit gracefully.
- Corrupt PNGs or tampered files will throw appropriate errors and exit gracefully.
- If you don’t provide a password via the command line, the program will prompt you securely. This is recommended to avoid exposing the password in terminal history or logs.
- If you don’t specify an --outfile, one will be auto-generated based on the input file’s name with a timestamp. For decryption/decoding, the output will default to a .txt file.
Unit tests live in Stegosaurus.Tests/. To run them:
dotnet testPlans to publish this as a .NET tool (dotnet tool install) are in progress, including CI/CD via GitHub Actions.
- C# (.NET 8)
- ImageSharp for pixel-level image access
System.Security.Cryptographyfor AES + PBKDF2
Made by Michael Pearce
🌐 michaelpearce.tech • 🐙 GitHub