Steganography (`stealth') with GnuPG
David Shaw
dshaw@jabberwocky.com
Sun Jul 22 02:45:01 2001
On Sun, Jul 22, 2001 at 01:28:07AM +0200, Frank Heckenbach wrote:
> For PGP, there's a utility called `stealth' which strips off all
> identifying header information to leave only the encrypted data in a
> format suitable for steganographic use
> (ftp://ftp.pgp.net/pub/pgp/utils/stealth/).
>
> It doesn't seem to work with GnuPG encrypted files, however. Is
> there a similar utility for GnuPG, or a way to make stealth work
> with GnuPG?
Stealth only works with old-style pgp messages (pgp 2.6.x and
friends). It won't work with pgp 5 and up or openpgp (and hence gpg).
It worked by stripping and juggling headers so that all that was left
was raw encrypted bits which ideally would appear to be random.
You can probably use it with gpg if you generate pgp 2.6.x compatible
messages (gpg --rfc1991 --cipher-algo idea --no-literal) using an old
style v3 RSA key.
You might want to also look into gpg --throw-keyid. While that does
not result in a message that resembles random noise (it's still
clearly a openpgp message), it does remove the ID of the user the
message was encrypted to which provides some level of security for a
message intended for steganographic hiding.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson