A GPG version of the PGPstealth program?

tftp tftp at yahoo.com
Sun Aug 19 23:58:02 CEST 2001

--- Andrew Marlow <apm35 at student.open.ac.uk> wrote:
> I have had some more thoughts about integrating
> GPG with deniable steganography...

> But the message extracted
> is a GPG msg that has been 'stealthed', i.e it
> has been altered so that it resembles noise.
> Using a program such as GPGdump will not reveal
> the deSNOW'd data to be anything readable.

You can also XOR the GPG data with a text from a Bible.
It would make an acceptable keystream for your purposes...
even better than what you propose :-)

> This is the bit where I *deny* that there is a secret msg.

The attacker can use the same algorithm - and your own
public key as the secret key - to produce the GPG stream,
which will prove that this is a GPG message. The number
of stego algorithms is finite, and if you want to get somewhere
with this idea you probably have to use an outer envelope that
can not be deciphered into anything but noise without the unique,
secretly maintained, key.

You see, public key crypto and stego have opposite purposes. The
PKI allows anyone to receive (and recognize them, of course!)
crypto messages. Steganography systems go to great length to
hide even the fact that there is a second message somewhere...

> The reason I have to use PGP is that there is a
> stealth program for PGP but not for GPG. The
> stealth program only supports version 2.6.n of
> PGP. I have looked at the code to see how easy
> it would be to adapt it for GPG and it is beyond
> my skill, unfortunately.

I am still unsure how valuable the second layer of encryption
would be, especially using publicly available "secret" key...
but if you really want to do that, there are plenty of simple
ciphers, block or stream, that can be implemented in 100 lines
of any language. You only need to export the public key and
then use it (all or portion of it) as a symmetric key.


Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger

More information about the Gnupg-devel mailing list