Steganography (`stealth') with GnuPG
David Shaw
dshaw@jabberwocky.com
Sun Jul 22 22:17:01 2001
On Sun, Jul 22, 2001 at 09:39:36PM +0200, Frank Heckenbach wrote:
> David Shaw wrote:
>
> > On Sun, Jul 22, 2001 at 01:28:07AM +0200, Frank Heckenbach wrote:
> > > For PGP, there's a utility called `stealth' which strips off all
> > > identifying header information to leave only the encrypted data in a
> > > format suitable for steganographic use
> > > (ftp://ftp.pgp.net/pub/pgp/utils/stealth/).
> > >
> > > It doesn't seem to work with GnuPG encrypted files, however. Is
> > > there a similar utility for GnuPG, or a way to make stealth work
> > > with GnuPG?
> >
> > Stealth only works with old-style pgp messages (pgp 2.6.x and
> > friends). It won't work with pgp 5 and up or openpgp (and hence gpg).
> > It worked by stripping and juggling headers so that all that was left
> > was raw encrypted bits which ideally would appear to be random.
> >
> > You can probably use it with gpg if you generate pgp 2.6.x compatible
> > messages (gpg --rfc1991 --cipher-algo idea --no-literal) using an old
> > style v3 RSA key.
> >
> > Er, make that "gpg --rfc1991 --cipher-algo idea --compress-algo 1".
> > Wrong cut-n-paste :)
>
> I don't have the idea plugin, and AFAICS on the ftp srever, it's not
> available currently (and I'd like to avoid a patented algorithm,
> anyway). But thanks, anyway.
>
> BTW, how hard would it be to write something like stealth for
> OpenPGP (or is it not possible at all)? Though I won't have any time
> for it now, maybe sometime later ...
Oh, it's certainly possible. You might even be able to adapt the
existing stealth code for openpgp messages. The hard bit is that
openpgp allows for different symmetric and asymmetric ciphers among
other things - part of what made stealth as simple as it is was the
guarantee that every message would be RSA/IDEA.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson