Commit 6f3ab74
authored
feat: F5 JPEG steganography support (#235)
## Summary
Adds JPEG steganography support using the F5 algorithm, enabling users
to hide and extract secret data in JPEG images alongside the existing
PNG and WAV support.
- JPEG hide/unveil works transparently via file extension detection
- Password serves dual purpose: encryption (ChaCha20-Poly1305) AND F5
permutation seed
- No public API changes — same builder pattern as PNG/WAV
## What is F5?
F5 is a steganographic algorithm designed specifically for JPEG images.
Unlike naive LSB embedding in spatial domain:
- **Frequency domain embedding**: Data is hidden in quantized DCT
coefficients, surviving JPEG's lossy compression
- **Matrix encoding**: Minimizes embedding changes using (1, n, k) codes
— on average only 1 coefficient change per k bits embedded
- **Permutation-based shuffling**: When a password is provided,
coefficients are accessed in a pseudorandom order derived from the
password, making extraction without the password computationally
infeasible
This makes F5 more statistically secure than naive approaches — changes
to the coefficient histogram are minimal and spread across the image.
## Usage Examples
### CLI
```bash
# Hide a message in a JPEG (without password)
stegano hide --in photo.jpg --out secret.jpg --message "Hello World"
# Hide with password (encrypted + shuffled)
stegano hide --in photo.jpg --out secret.jpg --message "Secret!" --password "MyPass123"
# Unveil
stegano unveil --in secret.jpg --out ./output/ --password "MyPass123"
cat ./output/secret-message.txt
```
### Rust API
```rust
use stegano_core::api::{hide, unveil};
// Hide with password
hide::prepare()
.with_message("Secret message")
.with_image("photo.jpg")
.using_password("MyPassword")
.with_output("stego.jpg")
.execute()?;
// Unveil
unveil::prepare()
.from_secret_file("stego.jpg")
.using_password("MyPassword")
.into_output_folder("./output/")
.execute()?;
```
### Cross-format (PNG → JPEG)
```rust
hide::prepare()
.with_message("From PNG to JPEG")
.with_image("source.png") // PNG input
.with_output("output.jpg") // JPEG output
.execute()?;
```
## Security Model
| Mode | Encryption | Coefficient Access | Security |
|------|------------|-------------------|----------|
| No password | None | Sequential | Low — extraction is straightforward
|
| With password | ChaCha20-Poly1305 | Permuted (password-seeded) | High
— attacker needs password for both extraction order and decryption |
## Test Plan
- [x] Unit tests for JPEG hide/unveil with and without password
- [x] Wrong password fails extraction
- [x] Binary file roundtrip test
- [x] PNG→JPEG cross-format test
- [x] All existing PNG/WAV tests still pass (60 tests)
- [x] CLI smoke tests pass
---------
Signed-off-by: Sven Kanoldt <sven@d34dl0ck.me>1 parent ded19f0 commit 6f3ab74
File tree
72 files changed
+4759
-265
lines changed- .cargo
- .github/workflows
- crates
- stegano-cli/src
- commands
- stegano-core
- src
- api
- media
- image
- payload
- stegano-f5
- examples
- resources
- src
- stegano-inspect
- resources
- samples
- twitter
- src
- tests
- docs/research
Some content is hidden
Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.
72 files changed
+4759
-265
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
| 8 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
14 | | - | |
15 | | - | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
16 | 112 | | |
17 | 113 | | |
18 | 114 | | |
19 | | - | |
20 | | - | |
21 | | - | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
22 | 134 | | |
23 | 135 | | |
24 | 136 | | |
25 | 137 | | |
26 | 138 | | |
27 | 139 | | |
28 | 140 | | |
| 141 | + | |
| 142 | + | |
29 | 143 | | |
30 | 144 | | |
31 | 145 | | |
32 | 146 | | |
33 | 147 | | |
34 | 148 | | |
35 | | - | |
36 | | - | |
37 | | - | |
38 | | - | |
39 | | - | |
40 | | - | |
41 | | - | |
42 | | - | |
43 | | - | |
44 | | - | |
45 | | - | |
46 | | - | |
47 | | - | |
48 | | - | |
49 | | - | |
50 | | - | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
| 3 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
0 commit comments