Your message. Your image. Your secret.

Steganography is the practice of hiding data within other data so that the hidden content is undetectable to casual observers. In image steganography, secret messages or files are embedded into the least significant bits (LSB) of pixel color values. The cover image appears completely unchanged to the human eye, but the hidden data can be extracted by anyone who has the stego image and the correct passphrase. Unlike encryption alone (which scrambles data but reveals that something is hidden), steganography conceals the very existence of the secret communication.

Yes. StegoCrypt processes everything locally in your browser using the Web Crypto API. Your passphrase, secret messages, files, and images never leave your device — nothing is uploaded to any server. This is critical: most online steganography tools (stylesuxx, devglab, mobilefish, PELock) send your data to remote servers for processing, which defeats the purpose of hiding sensitive information. With StegoCrypt, the entire encode/decode pipeline runs on your machine.

StegoCrypt uses AES-GCM (Advanced Encryption Standard in Galois/Counter Mode) for authenticated encryption, combined with PBKDF2 key derivation running 600,000 iterations of SHA-256 for passphrase hardening. AES-GCM is the same encryption standard used by governments and security agencies worldwide. The 600k PBKDF2 iterations make brute-force attacks computationally expensive — even with modern GPUs, trying billions of passphrases takes impractical amounts of time. Your data is encrypted before being hidden, providing double protection: encryption and concealment.

PNG uses lossless compression, which preserves every pixel value exactly as encoded. Steganography relies on precise bit manipulation — changing even one bit incorrectly can corrupt the hidden payload. JPEG uses lossy compression that discards pixel information to reduce file size, destroying embedded data in the process. If you save a StegoCrypt image as JPEG, the hidden message will be lost. Always keep and transmit stego images as PNG files.

Yes, StegoCrypt can encrypt and embed any type of file — documents, photos, archives, code, spreadsheets — inside a cover PNG image. The only limitation is capacity: a 1920×1080 image at 2 bits per channel holds approximately 1.2 MB of encrypted data, while a 4K (3840×2160) image can hold about 4.7 MB. Use the embedding depth control (1, 2, or 3 bits per channel) to balance between capacity and stealth — higher depth means more capacity but slightly more detectable pixel changes.

Basic steganography tools write hidden data sequentially across pixels, creating predictable patterns that steganalysis software can detect statistically. StegoCrypt uses key-derived randomized placement — an AES-CTR based PRNG determines a non-sequential embedding order derived from your passphrase. This scatters the hidden bits unpredictably across the entire image, making statistical detection significantly harder. Even if someone suspects steganography, they cannot extract data without the correct passphrase because the placement order is unknown.

Share the PNG file through any normal channel (email, messaging, social media) — it looks like a regular image. However, never share the passphrase through the same channel as the image. Use a separate secure communication method for the passphrase (e.g., share the image via email, share the passphrase via a different encrypted messaging app). Also ensure the image is not recompressed or converted to JPEG during transfer, as this destroys the hidden payload.