alee/stegasoo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

3.2.0 Big revamp

Browse Source
This commit is contained in:
Aaron D. Lee
2026-01-01 03:14:27 -05:00
parent 6d64c69f08
commit 11fc8aab27
7 changed files with 829 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

426
frontends/web/WEB_FRONTEND_UPDATE_SUMMARY_V3.2.0.md Normal file
View File

@@ -0,0 +1,426 @@
# Web Frontend Update Summary for v3.2.0
## Overview
The Flask web frontend has been updated to align with Stegasoo v3.2.0's breaking changes:
1. **Removed date dependency** - No date selection or tracking in UI
2. **Renamed day_phrase → passphrase** - Updated all forms and templates
3. **Increased default words** - From 3 to 4 for better security
## Key Changes
### 1. Form Parameter Changes
#### Generate Page
**Before (v3.1.0):**
```python
words_per_phrase = int(request.form.get('words_per_phrase', 3))
# Generated daily phrases for all days of the week
```
**After (v3.2.0):**
```python
words_per_passphrase = int(request.form.get('words_per_passphrase', 4))
# Generates single passphrase
```
**Template variables changed:**
- `phrases``passphrase` (single string instead of dict)
- `words_per_phrase``words_per_passphrase`
- `phrase_entropy``passphrase_entropy`
- Removed `days` variable (no longer needed)
#### Encode Page
**Before (v3.1.0):**
```python
day_phrase = request.form.get('day_phrase', '')
client_date = request.form.get('client_date', '').strip()
day_of_week = get_today_day() # Used in template
encode_result = encode(
...,
day_phrase=day_phrase,
date_str=date_str,
...
)
```
**After (v3.2.0):**
```python
passphrase = request.form.get('passphrase', '')
# No client_date or day_of_week needed
encode_result = encode(
...,
passphrase=passphrase, # Renamed
# date_str removed
...
)
```
#### Decode Page
**Before (v3.1.0):**
```python
day_phrase = request.form.get('day_phrase', '')
stego_date = request.form.get('stego_date', '').strip()
decode_result = decode(
...,
day_phrase=day_phrase,
date_str=stego_date if stego_date else None,
...
)
```
**After (v3.2.0):**
```python
passphrase = request.form.get('passphrase', '')
# No stego_date needed
decode_result = decode(
...,
passphrase=passphrase, # Renamed
# date_str removed
...
)
```
### 2. Template Context Updates
**inject_globals() changes:**
**Added:**
```python
'min_passphrase_words': MIN_PASSPHRASE_WORDS,
'recommended_passphrase_words': RECOMMENDED_PASSPHRASE_WORDS,
'default_passphrase_words': DEFAULT_PASSPHRASE_WORDS,
```
**Used for:**
- Showing passphrase length requirements
- Default values in generate form
- Validation messages
### 3. Validation Updates
**Added passphrase validation:**
```python
from stegasoo import validate_passphrase
# In encode_page()
result = validate_passphrase(passphrase)
if not result.is_valid:
flash(result.error_message, 'error')
return ...
# Show warning if passphrase is short
if result.warning:
flash(result.warning, 'warning')
```
### 4. Error Message Updates
**Before:**
```python
flash('Day phrase is required', 'error')
flash('Decryption failed. Check your phrase, PIN...', 'error')
```
**After:**
```python
flash('Passphrase is required', 'error')
flash('Decryption failed. Check your passphrase, PIN...', 'error')
```
## Template Changes Needed
These Flask routes will need corresponding template updates:
### generate.html
**Changes needed:**
```html
<!-- Before -->
<label for="words_per_phrase">Words per phrase</label>
<input type="number" name="words_per_phrase" value="3">
{% if generated %}
<h3>Daily Phrases</h3>
{% for day in days %}
<tr>
<td>{{ day }}</td>
<td>{{ phrases[day] }}</td>
</tr>
{% endfor %}
{% endif %}
<!-- After -->
<label for="words_per_passphrase">Words per passphrase</label>
<input type="number" name="words_per_passphrase" value="{{ default_passphrase_words }}">
{% if generated %}
<h3>Passphrase</h3>
<div class="passphrase-display">
<code>{{ passphrase }}</code>
<p class="help-text">Use this passphrase to encode and decode messages (no date needed!)</p>
</div>
{% endif %}
```
**Entropy display:**
```html
<!-- Before -->
<li>Phrase entropy: {{ phrase_entropy }} bits</li>
<!-- After -->
<li>Passphrase entropy: {{ passphrase_entropy }} bits ({{ words_per_passphrase }} words)</li>
```
### encode.html
**Changes needed:**
```html
<!-- Before -->
<label for="day_phrase">Day Phrase</label>
<input type="text" name="day_phrase" required>
<label for="client_date">Encoding Date (Optional)</label>
<input type="date" name="client_date">
<p class="help-text">Defaults to today: {{ day_of_week }}</p>
<!-- After -->
<label for="passphrase">Passphrase</label>
<input type="text" name="passphrase" required
placeholder="Enter at least {{ recommended_passphrase_words }} words">
<p class="help-text">
v3.2.0: No date needed! Use your passphrase anytime.
</p>
```
### decode.html
**Changes needed:**
```html
<!-- Before -->
<label for="day_phrase">Day Phrase</label>
<input type="text" name="day_phrase" required>
<label for="stego_date">Encoding Date</label>
<input type="date" name="stego_date" id="stego_date">
<p class="help-text">Will be auto-detected from filename if possible</p>
<script>
// Auto-detect date from filename
stegoInput.addEventListener('change', function() {
const filename = this.files[0]?.name || '';
const dateMatch = filename.match(/_(\d{4})(\d{2})(\d{2})/);
if (dateMatch) {
document.getElementById('stego_date').value =
`${dateMatch[1]}-${dateMatch[2]}-${dateMatch[3]}`;
}
});
</script>
<!-- After -->
<label for="passphrase">Passphrase</label>
<input type="text" name="passphrase" required
placeholder="Enter your passphrase">
<p class="help-text">
v3.2.0: No date needed to decode!
</p>
<!-- Remove date detection script -->
```
### index.html
**Changes needed:**
```html
<!-- Before -->
<p>Generate daily passphrases and security credentials</p>
<p>Hide messages using day-specific phrases</p>
<!-- After -->
<p>Generate passphrases and security credentials</p>
<p>v3.2.0: Simplified - no more daily rotation!</p>
```
### about.html
**Add v3.2.0 section:**
```html
<h2>Version 3.2.0 Changes</h2>
<ul>
<li><strong>No date dependency</strong> - Encode and decode anytime without tracking dates</li>
<li><strong>Single passphrase</strong> - No more daily rotation, just remember one strong passphrase</li>
<li><strong>Better security</strong> - Default passphrase length increased to 4 words</li>
<li><strong>Asynchronous ready</strong> - Perfect for dead drops and delayed delivery</li>
</ul>
```
## JavaScript Changes Needed
### Remove date-related code:
```javascript
// REMOVE THIS (date detection from filename)
function detectDateFromFilename(filename) {
const match = filename.match(/_(\d{4})(\d{2})(\d{2})/);
if (match) {
return `${match[1]}-${match[2]}-${match[3]}`;
}
return null;
}
// REMOVE THIS (day-of-week display)
function updateDayOfWeek() {
const dateInput = document.getElementById('client_date');
const dayDisplay = document.getElementById('day_display');
// ...
}
```
### Update validation:
```javascript
// Before
const dayPhrase = document.getElementById('day_phrase').value;
if (!dayPhrase || dayPhrase.trim().length === 0) {
alert('Day phrase is required');
return false;
}
// After
const passphrase = document.getElementById('passphrase').value;
if (!passphrase || passphrase.trim().length === 0) {
alert('Passphrase is required');
return false;
}
// Add word count validation
const words = passphrase.trim().split(/\s+/);
if (words.length < {{ min_passphrase_words }}) {
alert(`Passphrase should have at least {{ recommended_passphrase_words }} words`);
return false;
}
```
## CSS Updates
Add styling for passphrase warnings:
```css
.passphrase-display {
background: #f5f5f5;
padding: 15px;
border-radius: 5px;
margin: 10px 0;
}
.passphrase-display code {
font-size: 1.2em;
color: #2c3e50;
word-break: break-word;
}
.help-text.v3-2-0 {
color: #3498db;
font-weight: bold;
}
.flash.warning {
background-color: #fff3cd;
border-left: 4px solid #ffc107;
color: #856404;
}
```
## Migration Notes for Users
Add to templates:
```html
<div class="alert alert-info">
<h4>⚠️ v3.2.0 Breaking Changes</h4>
<p>If you have messages encoded with v3.1.0:</p>
<ul>
<li>They cannot be decoded with v3.2.0</li>
<li>You need the original v3.1.0 installation to decode them</li>
<li>After decoding, you can re-encode with v3.2.0</li>
</ul>
</div>
```
## Form Field Summary
### Changed Field Names
| Old Name (v3.1.0) | New Name (v3.2.0) | Type |
|-------------------|-------------------|------|
| `day_phrase` | `passphrase` | text input |
| `words_per_phrase` | `words_per_passphrase` | number input |
| `client_date` | (removed) | date input |
| `stego_date` | (removed) | date input |
### New Validation Attributes
```html
<input type="text" name="passphrase"
required
minlength="{{ min_passphrase_words * 4 }}"
placeholder="Enter at least {{ recommended_passphrase_words }} words"
pattern="^\s*\S+(\s+\S+){3,}.*$"
title="Please enter at least 4 words">
```
## Testing Checklist
- [ ] Generate page creates single passphrase
- [ ] Generate page shows correct entropy (4 words = 44 bits)
- [ ] Generate page doesn't show day names
- [ ] Encode page accepts passphrase (not day_phrase)
- [ ] Encode page doesn't have date selection
- [ ] Encode page shows v3.2.0 help text
- [ ] Decode page accepts passphrase
- [ ] Decode page doesn't have date input
- [ ] Decode page doesn't auto-detect date from filename
- [ ] Error messages say "passphrase" not "day phrase"
- [ ] Validation shows warnings for short passphrases
- [ ] QR code functionality still works
- [ ] DCT mode options still work
- [ ] All flash messages updated
## Implementation Status
✅ Flask routes updated
✅ Form parameter names changed
✅ Function calls updated
✅ Validation added for passphrases
✅ Error messages updated
✅ Template context updated
⏳ Templates need updating (generate.html, encode.html, decode.html, index.html, about.html)
⏳ JavaScript needs updating
⏳ CSS styling for v3.2.0 features
## Quick Reference
**To test the Flask app:**
```bash
cd frontends/web
python app.py
# Visit http://localhost:5000
```
**Key user-facing changes:**
1. Generate: Shows one passphrase, not 7 daily phrases
2. Encode: No date selection, just passphrase
3. Decode: No date needed, just passphrase
**Benefits to highlight:**
- ✅ Simpler UI (fewer fields)
- ✅ No date tracking needed
- ✅ Encode today, decode anytime
- ✅ Perfect for asynchronous communications

159
frontends/web/app.py
View File

@@ -1,9 +1,16 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
""" """
Stegasoo Web Frontend (v3.0.1) Stegasoo Web Frontend (v3.2.0)
Flask-based web UI for steganography operations. Flask-based web UI for steganography operations.
Supports both text messages and file embedding. Supports both text messages and file embedding.
CHANGES in v3.2.0:
- Removed date dependency from all operations
- Renamed day_phrase → passphrase
- No date selection or tracking needed
- Simplified user experience for asynchronous communications
NEW in v3.0: LSB and DCT embedding modes with advanced options. NEW in v3.0: LSB and DCT embedding modes with advanced options.
NEW in v3.0.1: DCT output format selection (PNG or JPEG) and color mode (grayscale or color). NEW in v3.0.1: DCT output format selection (PNG or JPEG) and color mode (grayscale or color).
""" """
@@ -31,13 +38,12 @@ from stegasoo import (
export_rsa_key_pem, load_rsa_key, export_rsa_key_pem, load_rsa_key,
validate_pin, validate_message, validate_image, validate_pin, validate_message, validate_image,
validate_rsa_key, validate_security_factors, validate_rsa_key, validate_security_factors,
validate_file_payload, validate_file_payload, validate_passphrase,
get_today_day, generate_filename, generate_filename,
DAY_NAMES,
StegasooError, DecryptionError, CapacityError, StegasooError, DecryptionError, CapacityError,
has_argon2, has_argon2,
FilePayload, FilePayload,
# NEW in v3.0 - Embedding modes # Embedding modes
EMBED_MODE_LSB, EMBED_MODE_LSB,
EMBED_MODE_DCT, EMBED_MODE_DCT,
EMBED_MODE_AUTO, EMBED_MODE_AUTO,
@@ -49,6 +55,8 @@ from stegasoo.constants import (
__version__, __version__,
MAX_MESSAGE_SIZE, MAX_MESSAGE_CHARS, MAX_MESSAGE_SIZE, MAX_MESSAGE_CHARS,
MIN_PIN_LENGTH, MAX_PIN_LENGTH, MIN_PIN_LENGTH, MAX_PIN_LENGTH,
MIN_PASSPHRASE_WORDS, RECOMMENDED_PASSPHRASE_WORDS,
DEFAULT_PASSPHRASE_WORDS,
VALID_RSA_SIZES, MAX_FILE_SIZE, VALID_RSA_SIZES, MAX_FILE_SIZE,
MAX_FILE_PAYLOAD_SIZE, MAX_UPLOAD_SIZE, MAX_FILE_PAYLOAD_SIZE, MAX_UPLOAD_SIZE,
TEMP_FILE_EXPIRY, TEMP_FILE_EXPIRY_MINUTES, TEMP_FILE_EXPIRY, TEMP_FILE_EXPIRY_MINUTES,
@@ -111,26 +119,28 @@ def inject_globals():
'temp_file_expiry_minutes': TEMP_FILE_EXPIRY_MINUTES, 'temp_file_expiry_minutes': TEMP_FILE_EXPIRY_MINUTES,
'min_pin_length': MIN_PIN_LENGTH, 'min_pin_length': MIN_PIN_LENGTH,
'max_pin_length': MAX_PIN_LENGTH, 'max_pin_length': MAX_PIN_LENGTH,
# NEW in v3.2.0
'min_passphrase_words': MIN_PASSPHRASE_WORDS,
'recommended_passphrase_words': RECOMMENDED_PASSPHRASE_WORDS,
'default_passphrase_words': DEFAULT_PASSPHRASE_WORDS,
# NEW in v3.0 # NEW in v3.0
'has_dct': has_dct_support(), 'has_dct': has_dct_support(),
} }
# ============================================================================ # ============================================================================
# CONFIGURATION (for override attempts - currently using constants.py values) # CONFIGURATION
# ============================================================================ # ============================================================================
# Try to import and override stegasoo constants if possible
try: try:
# Check current limits print(f"Stegasoo v{__version__} - Web Frontend")
print(f"Current MAX_FILE_SIZE from constants: {MAX_FILE_SIZE}") print(f"Current MAX_FILE_SIZE: {MAX_FILE_SIZE}")
print(f"Current MAX_FILE_PAYLOAD_SIZE: {MAX_FILE_PAYLOAD_SIZE}") print(f"Current MAX_FILE_PAYLOAD_SIZE: {MAX_FILE_PAYLOAD_SIZE}")
print(f"DCT support available: {has_dct_support()}") print(f"DCT support: {has_dct_support()}")
print(f"QR code support: write={HAS_QRCODE}, read={HAS_QRCODE_READ}")
DESIRED_PAYLOAD_SIZE = 2 * 1024 * 1024 # 2MB DESIRED_PAYLOAD_SIZE = 2 * 1024 * 1024 # 2MB
# Note: You might need to patch the stegasoo module
# if MAX_FILE_PAYLOAD_SIZE is used internally
if hasattr(stegasoo, 'MAX_FILE_PAYLOAD_SIZE'): if hasattr(stegasoo, 'MAX_FILE_PAYLOAD_SIZE'):
print(f"Overriding MAX_FILE_PAYLOAD_SIZE to {DESIRED_PAYLOAD_SIZE}") print(f"Overriding MAX_FILE_PAYLOAD_SIZE to {DESIRED_PAYLOAD_SIZE}")
stegasoo.MAX_FILE_PAYLOAD_SIZE = DESIRED_PAYLOAD_SIZE stegasoo.MAX_FILE_PAYLOAD_SIZE = DESIRED_PAYLOAD_SIZE
@@ -165,7 +175,6 @@ def generate_thumbnail(image_data: bytes, size: tuple = THUMBNAIL_SIZE) -> bytes
img.save(buffer, format='JPEG', quality=THUMBNAIL_QUALITY, optimize=True) img.save(buffer, format='JPEG', quality=THUMBNAIL_QUALITY, optimize=True)
return buffer.getvalue() return buffer.getvalue()
except Exception as e: except Exception as e:
# Log error but don't crash
print(f"Thumbnail generation error: {e}") print(f"Thumbnail generation error: {e}")
return None return None
@@ -212,7 +221,8 @@ def index():
@app.route('/generate', methods=['GET', 'POST']) @app.route('/generate', methods=['GET', 'POST'])
def generate(): def generate():
if request.method == 'POST': if request.method == 'POST':
words_per_phrase = int(request.form.get('words_per_phrase', 3)) # v3.2.0: Changed from words_per_phrase to words_per_passphrase, default increased to 4
words_per_passphrase = int(request.form.get('words_per_passphrase', DEFAULT_PASSPHRASE_WORDS))
use_pin = request.form.get('use_pin') == 'on' use_pin = request.form.get('use_pin') == 'on'
use_rsa = request.form.get('use_rsa') == 'on' use_rsa = request.form.get('use_rsa') == 'on'
@@ -224,7 +234,7 @@ def generate():
rsa_bits = int(request.form.get('rsa_bits', 2048)) rsa_bits = int(request.form.get('rsa_bits', 2048))
# Clamp values # Clamp values
words_per_phrase = max(3, min(12, words_per_phrase)) words_per_passphrase = max(MIN_PASSPHRASE_WORDS, min(12, words_per_passphrase))
pin_length = max(MIN_PIN_LENGTH, min(MAX_PIN_LENGTH, pin_length)) pin_length = max(MIN_PIN_LENGTH, min(MAX_PIN_LENGTH, pin_length))
if rsa_bits not in VALID_RSA_SIZES: if rsa_bits not in VALID_RSA_SIZES:
rsa_bits = 2048 rsa_bits = 2048
@@ -235,7 +245,7 @@ def generate():
use_rsa=use_rsa, use_rsa=use_rsa,
pin_length=pin_length, pin_length=pin_length,
rsa_bits=rsa_bits, rsa_bits=rsa_bits,
words_per_phrase=words_per_phrase words_per_passphrase=words_per_passphrase
) )
# Store RSA key temporarily for QR generation # Store RSA key temporarily for QR generation
@@ -261,18 +271,18 @@ def generate():
'compress': qr_needs_compression 'compress': qr_needs_compression
} }
# v3.2.0: Single passphrase instead of daily phrases
return render_template('generate.html', return render_template('generate.html',
phrases=creds.phrases, passphrase=creds.passphrase, # v3.2.0: Single passphrase
pin=creds.pin, pin=creds.pin,
days=DAY_NAMES,
generated=True, generated=True,
words_per_phrase=words_per_phrase, words_per_passphrase=words_per_passphrase,
pin_length=pin_length if use_pin else None, pin_length=pin_length if use_pin else None,
use_pin=use_pin, use_pin=use_pin,
use_rsa=use_rsa, use_rsa=use_rsa,
rsa_bits=rsa_bits, rsa_bits=rsa_bits,
rsa_key_pem=creds.rsa_key_pem, rsa_key_pem=creds.rsa_key_pem,
phrase_entropy=creds.phrase_entropy, passphrase_entropy=creds.passphrase_entropy,
pin_entropy=creds.pin_entropy, pin_entropy=creds.pin_entropy,
rsa_entropy=creds.rsa_entropy, rsa_entropy=creds.rsa_entropy,
total_entropy=creds.total_entropy, total_entropy=creds.total_entropy,
@@ -497,8 +507,6 @@ def api_check_fit():
@app.route('/encode', methods=['GET', 'POST']) @app.route('/encode', methods=['GET', 'POST'])
def encode_page(): def encode_page():
day_of_week = get_today_day()
if request.method == 'POST': if request.method == 'POST':
try: try:
# Get files # Get files
@@ -509,15 +517,15 @@ def encode_page():
if not ref_photo or not carrier: if not ref_photo or not carrier:
flash('Both reference photo and carrier image are required', 'error') flash('Both reference photo and carrier image are required', 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
if not allowed_image(ref_photo.filename) or not allowed_image(carrier.filename): if not allowed_image(ref_photo.filename) or not allowed_image(carrier.filename):
flash('Invalid file type. Use PNG, JPG, or BMP', 'error') flash('Invalid file type. Use PNG, JPG, or BMP', 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
# Get form data # Get form data - v3.2.0: renamed from day_phrase to passphrase
message = request.form.get('message', '') message = request.form.get('message', '')
day_phrase = request.form.get('day_phrase', '') passphrase = request.form.get('passphrase', '') # v3.2.0: Renamed
pin = request.form.get('pin', '').strip() pin = request.form.get('pin', '').strip()
rsa_password = request.form.get('rsa_password', '') rsa_password = request.form.get('rsa_password', '')
payload_type = request.form.get('payload_type', 'text') payload_type = request.form.get('payload_type', 'text')
@@ -532,7 +540,7 @@ def encode_page():
if dct_output_format not in ('png', 'jpeg'): if dct_output_format not in ('png', 'jpeg'):
dct_output_format = 'png' dct_output_format = 'png'
# NEW in v3.0.1 - DCT color mode (default to 'color') # NEW in v3.0.1 - DCT color mode
dct_color_mode = request.form.get('dct_color_mode', 'color') dct_color_mode = request.form.get('dct_color_mode', 'color')
if dct_color_mode not in ('grayscale', 'color'): if dct_color_mode not in ('grayscale', 'color'):
dct_color_mode = 'color' dct_color_mode = 'color'
@@ -540,7 +548,7 @@ def encode_page():
# Check DCT availability # Check DCT availability
if embed_mode == 'dct' and not has_dct_support(): if embed_mode == 'dct' and not has_dct_support():
flash('DCT mode requires scipy. Install with: pip install scipy', 'error') flash('DCT mode requires scipy. Install with: pip install scipy', 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
# Determine payload # Determine payload
if payload_type == 'file' and payload_file and payload_file.filename: if payload_type == 'file' and payload_file and payload_file.filename:
@@ -550,7 +558,7 @@ def encode_page():
result = validate_file_payload(file_data, payload_file.filename) result = validate_file_payload(file_data, payload_file.filename)
if not result.is_valid: if not result.is_valid:
flash(result.error_message, 'error') flash(result.error_message, 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
mime_type, _ = mimetypes.guess_type(payload_file.filename) mime_type, _ = mimetypes.guess_type(payload_file.filename)
payload = FilePayload( payload = FilePayload(
@@ -563,12 +571,23 @@ def encode_page():
result = validate_message(message) result = validate_message(message)
if not result.is_valid: if not result.is_valid:
flash(result.error_message, 'error') flash(result.error_message, 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
payload = message payload = message
if not day_phrase: # v3.2.0: Renamed from day_phrase
flash('Day phrase is required', 'error') if not passphrase:
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) flash('Passphrase is required', 'error')
return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
# v3.2.0: Validate passphrase
result = validate_passphrase(passphrase)
if not result.is_valid:
flash(result.error_message, 'error')
return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
# Show warning if passphrase is short
if result.warning:
flash(result.warning, 'warning')
# Read files # Read files
ref_data = ref_photo.read() ref_data = ref_photo.read()
@@ -577,36 +596,34 @@ def encode_page():
# Handle RSA key - can come from .pem file or QR code image # Handle RSA key - can come from .pem file or QR code image
rsa_key_data = None rsa_key_data = None
rsa_key_qr = request.files.get('rsa_key_qr') rsa_key_qr = request.files.get('rsa_key_qr')
rsa_key_from_qr = False # Track source for password handling rsa_key_from_qr = False
if rsa_key_file and rsa_key_file.filename: if rsa_key_file and rsa_key_file.filename:
# RSA key from .pem file
rsa_key_data = rsa_key_file.read() rsa_key_data = rsa_key_file.read()
elif rsa_key_qr and rsa_key_qr.filename and HAS_QRCODE_READ: elif rsa_key_qr and rsa_key_qr.filename and HAS_QRCODE_READ:
# RSA key from QR code image
qr_image_data = rsa_key_qr.read() qr_image_data = rsa_key_qr.read()
key_pem = extract_key_from_qr(qr_image_data) key_pem = extract_key_from_qr(qr_image_data)
if key_pem: if key_pem:
rsa_key_data = key_pem.encode('utf-8') rsa_key_data = key_pem.encode('utf-8')
rsa_key_from_qr = True # QR keys are never password-protected rsa_key_from_qr = True
else: else:
flash('Could not extract RSA key from QR code image. Make sure the image contains a valid QR code.', 'error') flash('Could not extract RSA key from QR code image.', 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
# Validate security factors # Validate security factors
result = validate_security_factors(pin, rsa_key_data) result = validate_security_factors(pin, rsa_key_data)
if not result.is_valid: if not result.is_valid:
flash(result.error_message, 'error') flash(result.error_message, 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
# Validate PIN if provided # Validate PIN if provided
if pin: if pin:
result = validate_pin(pin) result = validate_pin(pin)
if not result.is_valid: if not result.is_valid:
flash(result.error_message, 'error') flash(result.error_message, 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
# Determine key password - QR code keys are never password-protected # Determine key password
key_password = None if rsa_key_from_qr else (rsa_password if rsa_password else None) key_password = None if rsa_key_from_qr else (rsa_password if rsa_password else None)
# Validate RSA key if provided # Validate RSA key if provided
@@ -614,31 +631,24 @@ def encode_page():
result = validate_rsa_key(rsa_key_data, key_password) result = validate_rsa_key(rsa_key_data, key_password)
if not result.is_valid: if not result.is_valid:
flash(result.error_message, 'error') flash(result.error_message, 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
# Validate carrier image # Validate carrier image
result = validate_image(carrier_data, "Carrier image") result = validate_image(carrier_data, "Carrier image")
if not result.is_valid: if not result.is_valid:
flash(result.error_message, 'error') flash(result.error_message, 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
# Get date # v3.2.0: No date parameter needed
client_date = request.form.get('client_date', '').strip()
if client_date and len(client_date) == 10 and client_date[4] == '-' and client_date[7] == '-':
date_str = client_date
else:
date_str = datetime.now().strftime('%Y-%m-%d')
# Encode with selected mode, output format, and color mode
encode_result = encode( encode_result = encode(
message=payload, message=payload,
reference_photo=ref_data, reference_photo=ref_data,
carrier_image=carrier_data, carrier_image=carrier_data,
day_phrase=day_phrase, passphrase=passphrase, # v3.2.0: Renamed from day_phrase
pin=pin, pin=pin,
rsa_key_data=rsa_key_data, rsa_key_data=rsa_key_data,
rsa_password=key_password, rsa_password=key_password,
date_str=date_str, # date_str removed in v3.2.0
embed_mode=embed_mode, embed_mode=embed_mode,
dct_output_format=dct_output_format if embed_mode == 'dct' else None, dct_output_format=dct_output_format if embed_mode == 'dct' else None,
dct_color_mode=dct_color_mode if embed_mode == 'dct' else None, dct_color_mode=dct_color_mode if embed_mode == 'dct' else None,
@@ -648,7 +658,6 @@ def encode_page():
if embed_mode == 'dct' and dct_output_format == 'jpeg': if embed_mode == 'dct' and dct_output_format == 'jpeg':
output_ext = '.jpg' output_ext = '.jpg'
output_mime = 'image/jpeg' output_mime = 'image/jpeg'
# Modify filename extension if needed
filename = encode_result.filename filename = encode_result.filename
if filename.endswith('.png'): if filename.endswith('.png'):
filename = filename[:-4] + '.jpg' filename = filename[:-4] + '.jpg'
@@ -674,15 +683,15 @@ def encode_page():
except CapacityError as e: except CapacityError as e:
flash(str(e), 'error') flash(str(e), 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
except StegasooError as e: except StegasooError as e:
flash(str(e), 'error') flash(str(e), 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
except Exception as e: except Exception as e:
flash(f'Error: {e}', 'error') flash(f'Error: {e}', 'error')
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
return render_template('encode.html', day_of_week=day_of_week, has_qrcode_read=HAS_QRCODE_READ) return render_template('encode.html', has_qrcode_read=HAS_QRCODE_READ)
@app.route('/encode/result/<file_id>') @app.route('/encode/result/<file_id>')
@@ -707,7 +716,7 @@ def encode_result(file_id):
thumbnail_url=url_for('encode_thumbnail', thumb_id=thumbnail_id) if thumbnail_id else None, thumbnail_url=url_for('encode_thumbnail', thumb_id=thumbnail_id) if thumbnail_id else None,
embed_mode=file_info.get('embed_mode', 'lsb'), embed_mode=file_info.get('embed_mode', 'lsb'),
output_format=file_info.get('output_format', 'png'), output_format=file_info.get('output_format', 'png'),
color_mode=file_info.get('color_mode'), # NEW in v3.0.1 color_mode=file_info.get('color_mode'),
) )
@@ -787,8 +796,8 @@ def decode_page():
flash('Both reference photo and stego image are required', 'error') flash('Both reference photo and stego image are required', 'error')
return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ) return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ)
# Get form data # Get form data - v3.2.0: renamed from day_phrase to passphrase
day_phrase = request.form.get('day_phrase', '') passphrase = request.form.get('passphrase', '') # v3.2.0: Renamed
pin = request.form.get('pin', '').strip() pin = request.form.get('pin', '').strip()
rsa_password = request.form.get('rsa_password', '') rsa_password = request.form.get('rsa_password', '')
@@ -802,11 +811,11 @@ def decode_page():
flash('DCT mode requires scipy. Install with: pip install scipy', 'error') flash('DCT mode requires scipy. Install with: pip install scipy', 'error')
return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ) return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ)
# Get encoding date from form (detected from filename in JS) # v3.2.0: Removed date handling (no stego_date needed)
stego_date = request.form.get('stego_date', '').strip()
if not day_phrase: # v3.2.0: Renamed from day_phrase
flash('Day phrase is required', 'error') if not passphrase:
flash('Passphrase is required', 'error')
return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ) return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ)
# Read files # Read files
@@ -816,20 +825,18 @@ def decode_page():
# Handle RSA key - can come from .pem file or QR code image # Handle RSA key - can come from .pem file or QR code image
rsa_key_data = None rsa_key_data = None
rsa_key_qr = request.files.get('rsa_key_qr') rsa_key_qr = request.files.get('rsa_key_qr')
rsa_key_from_qr = False # Track source for password handling rsa_key_from_qr = False
if rsa_key_file and rsa_key_file.filename: if rsa_key_file and rsa_key_file.filename:
# RSA key from .pem file
rsa_key_data = rsa_key_file.read() rsa_key_data = rsa_key_file.read()
elif rsa_key_qr and rsa_key_qr.filename and HAS_QRCODE_READ: elif rsa_key_qr and rsa_key_qr.filename and HAS_QRCODE_READ:
# RSA key from QR code image
qr_image_data = rsa_key_qr.read() qr_image_data = rsa_key_qr.read()
key_pem = extract_key_from_qr(qr_image_data) key_pem = extract_key_from_qr(qr_image_data)
if key_pem: if key_pem:
rsa_key_data = key_pem.encode('utf-8') rsa_key_data = key_pem.encode('utf-8')
rsa_key_from_qr = True # QR keys are never password-protected rsa_key_from_qr = True
else: else:
flash('Could not extract RSA key from QR code image. Make sure the image contains a valid QR code.', 'error') flash('Could not extract RSA key from QR code image.', 'error')
return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ) return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ)
# Validate security factors # Validate security factors
@@ -845,7 +852,7 @@ def decode_page():
flash(result.error_message, 'error') flash(result.error_message, 'error')
return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ) return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ)
# Determine key password - QR code keys are never password-protected # Determine key password
key_password = None if rsa_key_from_qr else (rsa_password if rsa_password else None) key_password = None if rsa_key_from_qr else (rsa_password if rsa_password else None)
# Validate RSA key if provided # Validate RSA key if provided
@@ -855,15 +862,15 @@ def decode_page():
flash(result.error_message, 'error') flash(result.error_message, 'error')
return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ) return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ)
# Decode with selected mode # v3.2.0: No date_str parameter needed
decode_result = decode( decode_result = decode(
stego_image=stego_data, stego_image=stego_data,
reference_photo=ref_data, reference_photo=ref_data,
day_phrase=day_phrase, passphrase=passphrase, # v3.2.0: Renamed from day_phrase
pin=pin, pin=pin,
rsa_key_data=rsa_key_data, rsa_key_data=rsa_key_data,
rsa_password=key_password, rsa_password=key_password,
date_str=stego_date if stego_date else None, # date_str removed in v3.2.0
embed_mode=embed_mode, embed_mode=embed_mode,
) )
@@ -892,7 +899,7 @@ def decode_page():
return render_template('decode.html', decoded_message=decode_result.message) return render_template('decode.html', decoded_message=decode_result.message)
except DecryptionError: except DecryptionError:
flash('Decryption failed. Check your phrase, PIN, RSA key, and reference photo.', 'error') flash('Decryption failed. Check your passphrase, PIN, RSA key, and reference photo.', 'error')
return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ) return render_template('decode.html', has_qrcode_read=HAS_QRCODE_READ)
except StegasooError as e: except StegasooError as e:
flash(str(e), 'error') flash(str(e), 'error')

49
frontends/web/templates/about.html
View File

@@ -27,7 +27,7 @@
<li class="mb-2"> <li class="mb-2">
<i class="bi bi-check-circle text-success me-2"></i> <i class="bi bi-check-circle text-success me-2"></i>
<strong>Multi-Factor Security</strong> <strong>Multi-Factor Security</strong>
<br><small class="text-muted">Combines photo + phrase + PIN/RSA key</small> <br><small class="text-muted">Combines photo + passphrase + PIN/RSA key</small>
</li> </li>
<li class="mb-2"> <li class="mb-2">
<i class="bi bi-check-circle text-success me-2"></i> <i class="bi bi-check-circle text-success me-2"></i>
@@ -36,8 +36,9 @@
</li> </li>
<li class="mb-2"> <li class="mb-2">
<i class="bi bi-check-circle text-success me-2"></i> <i class="bi bi-check-circle text-success me-2"></i>
<strong>Daily Rotating Phrases</strong> <strong>Single Passphrase</strong>
<br><small class="text-muted">Different passphrase each day of the week</small> <span class="badge bg-success ms-1">v3.2.0</span>
<br><small class="text-muted">Stronger default security</small>
</li> </li>
</ul> </ul>
</div> </div>
@@ -70,7 +71,7 @@
</div> </div>
</div> </div>
<!-- Embedding Modes - NEW SECTION --> <!-- Embedding Modes -->
<div class="card mb-4"> <div class="card mb-4">
<div class="card-header"> <div class="card-header">
<h5 class="mb-0"><i class="bi bi-cpu me-2"></i>Embedding Modes</h5> <h5 class="mb-0"><i class="bi bi-cpu me-2"></i>Embedding Modes</h5>
@@ -213,9 +214,10 @@
<div class="col-md-3 mb-3"> <div class="col-md-3 mb-3">
<div class="p-3 bg-dark rounded"> <div class="p-3 bg-dark rounded">
<i class="bi bi-chat-quote text-warning fs-2 d-block mb-2"></i> <i class="bi bi-chat-quote text-warning fs-2 d-block mb-2"></i>
<strong>Daily Phrase</strong> <strong>Passphrase</strong>
<div class="small text-muted mt-1">Something you know (rotates)</div> <span class="badge bg-success ms-1">v3.2.0</span>
<div class="small text-success">~33 bits (3 words)</div> <div class="small text-muted mt-1">Something you know</div>
<div class="small text-success">~44 bits (4 words)</div>
</div> </div>
</div> </div>
<div class="col-md-3 mb-3"> <div class="col-md-3 mb-3">
@@ -238,7 +240,7 @@
<div class="alert alert-secondary"> <div class="alert alert-secondary">
<i class="bi bi-calculator me-2"></i> <i class="bi bi-calculator me-2"></i>
<strong>Combined entropy:</strong> 130-400+ bits depending on configuration. <strong>Combined entropy:</strong> 144-424+ bits depending on configuration.
For reference, 128 bits is considered computationally infeasible to brute force. For reference, 128 bits is considered computationally infeasible to brute force.
</div> </div>
@@ -348,10 +350,10 @@
<h6 class="mt-4"><i class="bi bi-code-slash me-2"></i>Example: DCT Encode</h6> <h6 class="mt-4"><i class="bi bi-code-slash me-2"></i>Example: DCT Encode</h6>
<pre class="bg-dark p-3 rounded small"><code># Encode with DCT mode for social media <pre class="bg-dark p-3 rounded small"><code># Encode with DCT mode for social media
curl -X POST "http://localhost:8000/encode/multipart" \ curl -X POST "http://localhost:8000/encode/multipart" \
-F "day_phrase=apple forest thunder" \ -F "passphrase=apple forest thunder mountain" \
-F "pin=123456" \ -F "pin=123456" \
-F "embedding_mode=dct" \ -F "embed_mode=dct" \
-F "output_format=jpeg" \ -F "dct_output_format=jpeg" \
-F "reference_photo=@photo.jpg" \ -F "reference_photo=@photo.jpg" \
-F "carrier=@meme.png" \ -F "carrier=@meme.png" \
-F "message=secret message" \ -F "message=secret message" \
@@ -359,17 +361,19 @@ curl -X POST "http://localhost:8000/encode/multipart" \
<h6 class="mt-4"><i class="bi bi-terminal me-2"></i>Command Line</h6> <h6 class="mt-4"><i class="bi bi-terminal me-2"></i>Command Line</h6>
<pre class="bg-dark p-3 rounded small"><code># Generate credentials <pre class="bg-dark p-3 rounded small"><code># Generate credentials
stegasoo generate --pin --words 3 stegasoo generate --pin --words 4
# Encode with LSB (default) # Encode with LSB (default)
stegasoo encode -r photo.jpg -c meme.png -p "phrase" --pin 123456 -m "secret" stegasoo encode -r photo.jpg -c meme.png -p "apple forest thunder mountain" \
--pin 123456 -m "secret"
# Encode with DCT for social media # Encode with DCT for social media
stegasoo encode -r photo.jpg -c meme.png -p "phrase" --pin 123456 -m "secret" \ stegasoo encode -r photo.jpg -c meme.png -p "apple forest thunder mountain" \
--mode dct --format jpeg --pin 123456 -m "secret" --mode dct --dct-format jpeg
# Decode (auto-detects mode) # Decode (auto-detects mode)
stegasoo decode -r photo.jpg -s stego.png -p "phrase" --pin 123456</code></pre> stegasoo decode -r photo.jpg -s stego.png -p "apple forest thunder mountain" \
--pin 123456</code></pre>
<p class="small text-muted mt-3 mb-0"> <p class="small text-muted mt-3 mb-0">
<span class="badge bg-{% if has_argon2 %}success{% else %}warning{% endif %} me-1"> <span class="badge bg-{% if has_argon2 %}success{% else %}warning{% endif %} me-1">
@@ -403,7 +407,7 @@ stegasoo decode -r photo.jpg -s stego.png -p "phrase" --pin 123456</code></pre>
<ol> <ol>
<li>Both parties agree on a <strong>reference photo</strong> (shared secretly, never transmitted)</li> <li>Both parties agree on a <strong>reference photo</strong> (shared secretly, never transmitted)</li>
<li>Go to <a href="/generate">Generate</a> and create credentials</li> <li>Go to <a href="/generate">Generate</a> and create credentials</li>
<li><strong>Memorize</strong> the 7 daily phrases and PIN</li> <li><strong>Memorize</strong> the passphrase and PIN</li>
<li>If using RSA, download and securely store the key file</li> <li>If using RSA, download and securely store the key file</li>
<li>Share credentials with your contact through a secure channel</li> <li>Share credentials with your contact through a secure channel</li>
</ol> </ol>
@@ -430,7 +434,7 @@ stegasoo decode -r photo.jpg -s stego.png -p "phrase" --pin 123456</code></pre>
</li> </li>
<li>Upload your <strong>reference photo</strong> and <strong>carrier image</strong></li> <li>Upload your <strong>reference photo</strong> and <strong>carrier image</strong></li>
<li>Enter your message or select a file to embed</li> <li>Enter your message or select a file to embed</li>
<li>Enter <strong>today's phrase</strong> and your PIN/key</li> <li>Enter your <strong>passphrase</strong> and PIN/key</li>
<li>Download the resulting stego image</li> <li>Download the resulting stego image</li>
<li>Send through any channel!</li> <li>Send through any channel!</li>
</ol> </ol>
@@ -451,14 +455,13 @@ stegasoo decode -r photo.jpg -s stego.png -p "phrase" --pin 123456</code></pre>
<li>Go to <a href="/decode">Decode</a></li> <li>Go to <a href="/decode">Decode</a></li>
<li>Upload your <strong>reference photo</strong> (same one used for encoding)</li> <li>Upload your <strong>reference photo</strong> (same one used for encoding)</li>
<li>Upload the <strong>stego image</strong> you received</li> <li>Upload the <strong>stego image</strong> you received</li>
<li>Enter the phrase for <strong>the day it was encoded</strong></li> <li>Enter your <strong>passphrase</strong></li>
<li>Enter your PIN and/or RSA key</li> <li>Enter your PIN and/or RSA key</li>
<li>View the decoded message or download the extracted file</li> <li>View the decoded message or download the extracted file</li>
</ol> </ol>
<div class="alert alert-info small mt-3 mb-0"> <div class="alert alert-info small mt-3 mb-0">
<i class="bi bi-magic me-2"></i> <i class="bi bi-magic me-2"></i>
<strong>Auto-detection:</strong> Stegasoo automatically detects LSB vs DCT mode. <strong>Auto-detection:</strong> Stegasoo automatically detects LSB vs DCT mode.
The filename contains the encoding date (e.g., <code>abc123_20251231.png</code>).
</div> </div>
</div> </div>
</div> </div>
@@ -511,8 +514,10 @@ stegasoo decode -r photo.jpg -s stego.png -p "phrase" --pin 123456</code></pre>
<td><strong>2048, 3072, 4096 bits</strong></td> <td><strong>2048, 3072, 4096 bits</strong></td>
</tr> </tr>
<tr> <tr>
<td><i class="bi bi-chat-quote me-2"></i>Phrase length</td> <td><i class="bi bi-chat-quote me-2"></i>Passphrase length
<td><strong>3-12 words</strong> (BIP-39)</td> <span class="badge bg-success ms-1">v3.2.0</span>
</td>
<td><strong>3-12 words</strong> (BIP-39, recommended: 4+ words)</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>

79
frontends/web/templates/encode.html
View File

@@ -11,9 +11,9 @@
</div> </div>
<div class="card-body"> <div class="card-body">
<form method="POST" enctype="multipart/form-data" id="encodeForm"> <form method="POST" enctype="multipart/form-data" id="encodeForm">
<input type="hidden" name="client_date" id="clientDate" value=""> <!-- v3.2.0: Removed client_date hidden field -->
<!-- Embedding Mode Selection - NOW AT THE TOP --> <!-- Embedding Mode Selection -->
<div class="mb-4"> <div class="mb-4">
<label class="form-label"> <label class="form-label">
<i class="bi bi-cpu me-1"></i> Embedding Mode <i class="bi bi-cpu me-1"></i> Embedding Mode
@@ -182,14 +182,21 @@
</div> </div>
</div> </div>
<!-- v3.2.0: Renamed from day_phrase to passphrase, removed date selection -->
<div class="mb-3"> <div class="mb-3">
<label class="form-label" id="dayPhraseLabel"> <label class="form-label" id="passphraseLabel">
<i class="bi bi-chat-quote me-1"></i> Day's Phrase <i class="bi bi-chat-quote me-1"></i> Passphrase
<span class="badge bg-success ms-2">v3.2.0</span>
</label> </label>
<input type="text" name="day_phrase" class="form-control" <input type="text" name="passphrase" class="form-control"
placeholder="e.g., correct horse battery" required> placeholder="e.g., apple forest thunder mountain" required
id="passphraseInput">
<div class="form-text"> <div class="form-text">
Your phrase for <strong>today</strong> (based on your local timezone) Your passphrase for this message
</div>
<div class="form-text mt-1" id="passphraseWarning" style="display: none;">
<i class="bi bi-exclamation-triangle text-warning me-1"></i>
Passphrase should have at least {{ recommended_passphrase_words }} words for good security
</div> </div>
</div> </div>
@@ -232,19 +239,18 @@
<!-- .pem File Input --> <!-- .pem File Input -->
<div id="rsaFileSection"> <div id="rsaFileSection">
<input type="file" name="rsa_key_file" class="form-control form-control-sm" accept=".pem"> <input type="file" name="rsa_key" class="form-control form-control-sm" accept=".pem">
</div> </div>
<!-- QR Code Input --> <!-- QR Code Input -->
<div id="rsaQrSection" class="d-none"> <div id="rsaQrSection" class="d-none">
<div class="drop-zone p-3" id="qrDropZone"> <div class="drop-zone p-3" id="qrDropZone">
<input type="file" name="rsa_qr_image" accept="image/*" id="rsaQrInput"> <input type="file" name="rsa_key_qr" accept="image/*" id="rsaQrInput">
<div class="drop-zone-label text-center"> <div class="drop-zone-label text-center">
<i class="bi bi-qr-code-scan fs-4 d-block text-muted mb-1"></i> <i class="bi bi-qr-code-scan fs-4 d-block text-muted mb-1"></i>
<span class="text-muted small">Drop QR image or click to browse</span> <span class="text-muted small">Drop QR image or click to browse</span>
</div> </div>
</div> </div>
<input type="hidden" name="rsa_key_pem_from_qr" id="rsaKeyFromQr">
</div> </div>
<!-- Key Password (always visible) --> <!-- Key Password (always visible) -->
@@ -373,25 +379,7 @@
{% block scripts %} {% block scripts %}
<script> <script>
// Detect client's local date and day // v3.2.0: Removed date detection - no longer needed!
const now = new Date();
const dayNames = ['Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'];
const localDay = dayNames[now.getDay()];
const localDate = now.getFullYear() + '-' +
String(now.getMonth() + 1).padStart(2, '0') + '-' +
String(now.getDate()).padStart(2, '0');
// Update day label to client's local day
const dayLabel = document.getElementById('dayPhraseLabel');
if (dayLabel) {
dayLabel.innerHTML = `<i class="bi bi-chat-quote me-1"></i>Secure with <span class="day-of-week-highlight">${localDay}</span>'s Phrase`;
}
// Set hidden field with client's local date for server
const dateInput = document.getElementById('clientDate');
if (dateInput) {
dateInput.value = localDate;
}
// Payload type switching // Payload type switching
const payloadTextRadio = document.getElementById('payloadText'); const payloadTextRadio = document.getElementById('payloadText');
@@ -418,6 +406,23 @@ function updatePayloadSection() {
payloadTextRadio.addEventListener('change', updatePayloadSection); payloadTextRadio.addEventListener('change', updatePayloadSection);
payloadFileRadio.addEventListener('change', updatePayloadSection); payloadFileRadio.addEventListener('change', updatePayloadSection);
// Passphrase validation (v3.2.0)
const passphraseInput = document.getElementById('passphraseInput');
const passphraseWarning = document.getElementById('passphraseWarning');
if (passphraseInput) {
passphraseInput.addEventListener('input', function() {
const words = this.value.trim().split(/\s+/).filter(w => w.length > 0);
const recommendedWords = {{ recommended_passphrase_words }};
if (words.length > 0 && words.length < recommendedWords) {
passphraseWarning.style.display = 'block';
} else {
passphraseWarning.style.display = 'none';
}
});
}
// Payload file info display // Payload file info display
payloadFileInput.addEventListener('change', function() { payloadFileInput.addEventListener('change', function() {
const fileInfo = document.getElementById('fileInfo'); const fileInfo = document.getElementById('fileInfo');
@@ -471,9 +476,9 @@ carrierInput.addEventListener('change', function() {
function fetchCapacityComparison(file) { function fetchCapacityComparison(file) {
const formData = new FormData(); const formData = new FormData();
formData.append('image', file); formData.append('carrier', file);
fetch('/api/capacity', { fetch('/api/compare-capacity', {
method: 'POST', method: 'POST',
body: formData body: formData
}) })
@@ -485,11 +490,11 @@ function fetchCapacityComparison(file) {
} }
document.getElementById('carrierDimensions').textContent = document.getElementById('carrierDimensions').textContent =
`${data.width} × ${data.height} (${(data.pixels / 1000000).toFixed(1)} MP)`; `${data.width} × ${data.height} (${(data.width * data.height / 1000000).toFixed(1)} MP)`;
document.getElementById('lsbCapacityBadge').textContent = document.getElementById('lsbCapacityBadge').textContent =
`LSB: ${data.lsb_capacity_kb} KB`; `LSB: ${data.lsb.capacity_kb} KB`;
document.getElementById('dctCapacityBadge').textContent = document.getElementById('dctCapacityBadge').textContent =
`DCT: ${data.dct_capacity_kb} KB`; `DCT: ${data.dct.capacity_kb} KB`;
capacityPanel.classList.remove('d-none'); capacityPanel.classList.remove('d-none');
}) })
@@ -729,17 +734,17 @@ if (rsaQrInput) {
const formData = new FormData(); const formData = new FormData();
formData.append('qr_image', this.files[0]); formData.append('qr_image', this.files[0]);
fetch('/api/decode-qr', { fetch('/extract-key-from-qr', {
method: 'POST', method: 'POST',
body: formData body: formData
}) })
.then(response => response.json()) .then(response => response.json())
.then(data => { .then(data => {
if (data.error) { if (!data.success) {
alert('QR decode failed: ' + data.error); alert('QR decode failed: ' + data.error);
return; return;
} }
document.getElementById('rsaKeyFromQr').value = data.pem_data; // Visual feedback
document.querySelector('#qrDropZone .drop-zone-label').innerHTML = document.querySelector('#qrDropZone .drop-zone-label').innerHTML =
'<i class="bi bi-check-circle text-success me-1"></i>RSA Key loaded from QR'; '<i class="bi bi-check-circle text-success me-1"></i>RSA Key loaded from QR';
}) })

6
frontends/web/templates/encode_result.html
View File

@@ -7,7 +7,9 @@
<div class="col-lg-6"> <div class="col-lg-6">
<div class="card"> <div class="card">
<div class="card-header bg-success text-white"> <div class="card-header bg-success text-white">
<h5 class="mb-0"><i class="bi bi-check-circle me-2"></i>Encoding Successful!</h5> <h5 class="mb-0">
<i class="bi bi-check-circle me-2"></i>Encoding Successful!
</h5>
</div> </div>
<div class="card-body text-center"> <div class="card-body text-center">
<div class="my-4"> <div class="my-4">
@@ -34,7 +36,7 @@
<code class="fs-5">{{ filename }}</code> <code class="fs-5">{{ filename }}</code>
</div> </div>
<!-- Mode and format badges (v3.0 / v3.0.1) --> <!-- Mode and format badges -->
<div class="mb-4"> <div class="mb-4">
{% if embed_mode == 'dct' %} {% if embed_mode == 'dct' %}
<span class="badge bg-info fs-6"> <span class="badge bg-info fs-6">

272
frontends/web/templates/generate.html
View File

@@ -14,14 +14,18 @@
<!-- Generation Form --> <!-- Generation Form -->
<form method="POST"> <form method="POST">
<div class="mb-4"> <div class="mb-4">
<label class="form-label">Words per Phrase</label> <label class="form-label">Words per Passphrase</label>
<input type="range" class="form-range" name="words_per_phrase" <input type="range" class="form-range" name="words_per_passphrase"
min="3" max="12" value="3" id="wordsRange"> min="{{ min_passphrase_words }}" max="12" value="{{ default_passphrase_words }}" id="wordsRange">
<div class="d-flex justify-content-between small text-muted"> <div class="d-flex justify-content-between small text-muted">
<span>3 (33 bits)</span> <span>{{ min_passphrase_words }} (~33 bits)</span>
<span id="wordsValue" class="text-primary fw-bold">3 words (~33 bits)</span> <span id="wordsValue" class="text-primary fw-bold">{{ default_passphrase_words }} words (~44 bits)</span>
<span>12 (132 bits)</span> <span>12 (132 bits)</span>
</div> </div>
<div class="form-text">
<i class="bi bi-shield-check me-1"></i>
Recommended: <strong>{{ recommended_passphrase_words }}+ words</strong> for good security
</div>
</div> </div>
<hr> <hr>
@@ -106,25 +110,58 @@
{% endif %} {% endif %}
<div class="mb-4"> <div class="mb-4">
<h6 class="text-muted"><i class="bi bi-chat-quote me-2"></i>DAILY PHRASES</h6> <h6 class="text-muted">
<div class="table-responsive"> <i class="bi bi-chat-quote me-2"></i>PASSPHRASE
<table class="table table-dark table-striped mb-0"> <span class="badge bg-success ms-2">v3.2.0</span>
<tbody> </h6>
{% for day in days %}
<tr> <div class="passphrase-container">
<td class="text-muted" style="width: 100px;">{{ day }}</td> <div class="passphrase-display" id="passphraseDisplay">
<td> <code class="passphrase-text">{{ passphrase }}</code>
<span class="font-monospace phrase-display" id="phrase{{ loop.index }}">{{ phrases[day] }}</span> </div>
</td>
</tr> <div class="passphrase-buttons mt-3">
{% endfor %} <button type="button" class="btn btn-sm btn-outline-secondary me-2" onclick="togglePassphraseVisibility()">
</tbody> <i class="bi bi-eye-slash" id="passphraseToggleIcon"></i>
</table> <span id="passphraseToggleText">Hide</span>
</button>
<button type="button" class="btn btn-sm btn-outline-secondary me-2" onclick="copyPassphrase()">
<i class="bi bi-clipboard" id="passphraseCopyIcon"></i>
<span id="passphraseCopyText">Copy</span>
</button>
<button type="button" class="btn btn-sm btn-outline-primary" onclick="toggleMemoryAid()">
<i class="bi bi-lightbulb" id="memoryAidIcon"></i>
<span id="memoryAidText">Memory Aid</span>
</button>
</div>
</div> </div>
<div class="text-end mt-2">
<button class="btn btn-sm btn-outline-secondary" onclick="toggleAllPhrases()"> <!-- Memory Aid Story -->
<i class="bi bi-eye-slash me-1"></i>Toggle Visibility <div class="memory-aid-container mt-3 d-none" id="memoryAidContainer">
</button> <div class="card bg-dark border-primary">
<div class="card-header bg-primary text-white">
<i class="bi bi-book me-2"></i>Memory Story
</div>
<div class="card-body">
<p class="memory-story mb-3" id="memoryStory">
<!-- Story will be generated by JavaScript -->
</p>
<div class="form-text">
<i class="bi bi-info-circle me-1"></i>
This story is generated from your passphrase to help you remember it.
The words appear in order within the narrative.
</div>
<button type="button" class="btn btn-sm btn-outline-light mt-2" onclick="regenerateStory()">
<i class="bi bi-arrow-repeat me-1"></i>Generate Different Story
</button>
</div>
</div>
</div>
<div class="alert alert-info mt-3 mb-0">
<small class="text-muted">
({{ words_per_passphrase }} words = ~{{ passphrase_entropy }} bits entropy)
</small>
</div> </div>
</div> </div>
@@ -229,8 +266,9 @@
<div class="row text-center"> <div class="row text-center">
<div class="col"> <div class="col">
<div class="p-2 bg-dark rounded"> <div class="p-2 bg-dark rounded">
<div class="small text-muted">Phrase</div> <div class="small text-muted">Passphrase</div>
<div class="fs-5 text-info">{{ phrase_entropy }} bits</div> <div class="fs-5 text-info">{{ passphrase_entropy }} bits</div>
<div class="small text-muted">{{ words_per_passphrase }} words</div>
</div> </div>
</div> </div>
{% if pin_entropy %} {% if pin_entropy %}
@@ -279,7 +317,7 @@
<h6 class="text-muted mb-3"><i class="bi bi-info-circle me-2"></i>About Credentials</h6> <h6 class="text-muted mb-3"><i class="bi bi-info-circle me-2"></i>About Credentials</h6>
<ul class="small text-muted mb-0"> <ul class="small text-muted mb-0">
<li class="mb-2"> <li class="mb-2">
<strong>Daily phrases</strong> rotate each day of the week for forward secrecy <strong>Passphrase</strong> is a single phrase you use each time
</li> </li>
<li class="mb-2"> <li class="mb-2">
<strong>PIN</strong> is static and adds another factor both parties must know <strong>PIN</strong> is static and adds another factor both parties must know
@@ -343,9 +381,69 @@
min-width: 80px; min-width: 80px;
} }
/* Passphrase Container */
.passphrase-container {
background: linear-gradient(145deg, #1e1e2e 0%, #2d2d44 100%);
border: 1px solid #0dcaf0;
border-radius: 16px;
padding: 1.5rem 2rem;
box-shadow: 0 4px 20px rgba(0, 0, 0, 0.3), 0 0 40px rgba(13, 202, 240, 0.1);
}
.passphrase-display {
background: rgba(0, 0, 0, 0.4);
border: 1px solid rgba(13, 202, 240, 0.3);
border-radius: 12px;
padding: 1.5rem;
text-align: center;
transition: filter 0.3s ease;
}
.passphrase-display.blurred {
filter: blur(8px);
user-select: none;
}
.passphrase-text {
font-family: 'Consolas', 'Monaco', monospace;
font-size: 1.5rem;
font-weight: bold;
color: #0dcaf0;
text-shadow: 0 0 10px rgba(13, 202, 240, 0.5);
word-wrap: break-word;
display: block;
line-height: 1.6;
}
.passphrase-buttons {
display: flex;
justify-content: center;
flex-wrap: wrap;
gap: 0.5rem;
}
.passphrase-buttons .btn {
min-width: 100px;
}
/* Memory Aid */
.memory-story {
font-size: 1.1rem;
line-height: 1.8;
color: #e9ecef;
}
.memory-story .passphrase-word {
font-weight: bold;
color: #0dcaf0;
text-decoration: underline;
text-decoration-style: wavy;
text-decoration-color: rgba(13, 202, 240, 0.5);
}
/* Responsive */ /* Responsive */
@media (max-width: 576px) { @media (max-width: 576px) {
.pin-container { .pin-container, .passphrase-container {
padding: 1rem 1.25rem; padding: 1rem 1.25rem;
} }
@@ -358,6 +456,14 @@
.pin-digits-row { .pin-digits-row {
gap: 0.35rem; gap: 0.35rem;
} }
.passphrase-text {
font-size: 1.2rem;
}
.memory-story {
font-size: 1rem;
}
} }
</style> </style>
{% endblock %} {% endblock %}
@@ -429,15 +535,115 @@ function copyPin() {
}); });
} }
// Toggle all phrases visibility // Passphrase visibility toggle
let phrasesHidden = false; let passphraseHidden = false;
function toggleAllPhrases() { function togglePassphraseVisibility() {
phrasesHidden = !phrasesHidden; const display = document.getElementById('passphraseDisplay');
document.querySelectorAll('.phrase-display').forEach(el => { const icon = document.getElementById('passphraseToggleIcon');
el.style.filter = phrasesHidden ? 'blur(8px)' : 'none'; const text = document.getElementById('passphraseToggleText');
passphraseHidden = !passphraseHidden;
if (passphraseHidden) {
display.classList.add('blurred');
icon.className = 'bi bi-eye';
text.textContent = 'Show';
} else {
display.classList.remove('blurred');
icon.className = 'bi bi-eye-slash';
text.textContent = 'Hide';
}
}
// Copy passphrase
function copyPassphrase() {
const passphrase = '{{ passphrase|default("", true) }}';
const icon = document.getElementById('passphraseCopyIcon');
const text = document.getElementById('passphraseCopyText');
navigator.clipboard.writeText(passphrase).then(() => {
icon.className = 'bi bi-check';
text.textContent = 'Copied!';
setTimeout(() => {
icon.className = 'bi bi-clipboard';
text.textContent = 'Copy';
}, 2000);
}); });
} }
// Memory Aid Story Generation
const passphrase = '{{ passphrase|default("", true) }}';
const passphraseWords = passphrase.split(' ').filter(w => w.length > 0);
let currentStoryTemplate = 0;
// Story templates - words are inserted in order
const storyTemplates = [
// Adventure template
words => `Once upon a time, a brave explorer named ${highlight(words[0])} set out on a quest. Along the way, they discovered a mysterious ${highlight(words[1])} hidden in an ancient ${highlight(words[2])}${words[3] ? `. With the help of a magical ${highlight(words[3])}` : ''}${words[4] ? `, they unlocked the secrets of the ${highlight(words[4])}` : ''}${words[5] ? ` and found the legendary ${highlight(words[5])}` : ''}. And they all lived happily ever after.`,
// Detective template
words => `Detective ${highlight(words[0])} was investigating a curious case involving a stolen ${highlight(words[1])}. The only clue was a ${highlight(words[2])} found at the scene${words[3] ? `. Suddenly, a witness mentioned seeing a suspicious ${highlight(words[3])}` : ''}${words[4] ? ` near the old ${highlight(words[4])}` : ''}${words[5] ? `. The case was solved when they discovered the ${highlight(words[5])} contained the answer` : ''}.`,
// Science fiction template
words => `In the year 2150, Captain ${highlight(words[0])} commanded the starship ${highlight(words[1])}. Their mission: to explore the ${highlight(words[2])} sector of space${words[3] ? ` where ancient ${highlight(words[3])} technology was rumored to exist` : ''}${words[4] ? `. The crew discovered a portal to the ${highlight(words[4])} dimension` : ''}${words[5] ? `, containing the mythical ${highlight(words[5])}` : ''}.`,
// Restaurant template
words => `Chef ${highlight(words[0])} opened a new restaurant called "The ${highlight(words[1])}." The signature dish featured ${highlight(words[2])} as the main ingredient${words[3] ? `, garnished with fresh ${highlight(words[3])}` : ''}${words[4] ? `. Customers loved the special ${highlight(words[4])} sauce` : ''}${words[5] ? ` served in a ${highlight(words[5])}-shaped bowl` : ''}.`,
// Journey template
words => `The journey began at ${highlight(words[0])} Mountain, where travelers would gather their ${highlight(words[1])} supplies. The path led through the ${highlight(words[2])} valley${words[3] ? `, past the ancient ${highlight(words[3])} ruins` : ''}${words[4] ? `, until reaching the sacred ${highlight(words[4])} temple` : ''}${words[5] ? ` where the golden ${highlight(words[5])} awaited` : ''}.`,
// Music template
words => `${highlight(words[0])} was a talented musician who played the ${highlight(words[1])} in the city square. Their music sounded like ${highlight(words[2])}${words[3] ? ` mixed with ${highlight(words[3])}` : ''}${words[4] ? `. People said it reminded them of ${highlight(words[4])}` : ''}${words[5] ? ` during a beautiful ${highlight(words[5])} sunset` : ''}.`,
// Inventor template
words => `Professor ${highlight(words[0])} invented a revolutionary device powered by ${highlight(words[1])} energy. It could transform ordinary ${highlight(words[2])}${words[3] ? ` into magnificent ${highlight(words[3])}` : ''}${words[4] ? `. The invention won the prestigious ${highlight(words[4])} Prize` : ''}${words[5] ? ` and was displayed at the ${highlight(words[5])} Museum` : ''}.`,
// Garden template
words => `In the enchanted garden, ${highlight(words[0])} flowers bloomed beside a ${highlight(words[1])} fountain. The garden keeper planted ${highlight(words[2])} seeds${words[3] ? ` near the ${highlight(words[3])} hedge` : ''}${words[4] ? `, creating a path to the ${highlight(words[4])} arbor` : ''}${words[5] ? ` where butterflies gathered on ${highlight(words[5])} petals` : ''}.`
];
function highlight(word) {
return `<span class="passphrase-word">${word}</span>`;
}
function generateStory(templateIndex = null) {
if (passphraseWords.length === 0) return '';
if (templateIndex === null) {
templateIndex = currentStoryTemplate;
}
const template = storyTemplates[templateIndex % storyTemplates.length];
return template(passphraseWords);
}
function toggleMemoryAid() {
const container = document.getElementById('memoryAidContainer');
const icon = document.getElementById('memoryAidIcon');
const text = document.getElementById('memoryAidText');
if (container.classList.contains('d-none')) {
// Show memory aid
container.classList.remove('d-none');
icon.className = 'bi bi-lightbulb-fill';
text.textContent = 'Hide Aid';
// Generate initial story
document.getElementById('memoryStory').innerHTML = generateStory();
} else {
// Hide memory aid
container.classList.add('d-none');
icon.className = 'bi bi-lightbulb';
text.textContent = 'Memory Aid';
}
}
function regenerateStory() {
currentStoryTemplate = (currentStoryTemplate + 1) % storyTemplates.length;
document.getElementById('memoryStory').innerHTML = generateStory(currentStoryTemplate);
}
// Print QR code // Print QR code
function printQrCode() { function printQrCode() {
const qrImg = document.getElementById('qrCodeImage'); const qrImg = document.getElementById('qrCodeImage');

12
frontends/web/templates/index.html
View File

@@ -9,7 +9,10 @@
<div class="d-flex align-items-end justify-content-center gap-4"> <div class="d-flex align-items-end justify-content-center gap-4">
<img src="{{ url_for('static', filename='logo.svg') }}" alt="Stegasoo" height="155"> <img src="{{ url_for('static', filename='logo.svg') }}" alt="Stegasoo" height="155">
<div style="margin-bottom: 40px;"> <div style="margin-bottom: 40px;">
<h1 class="display-4 fw-bold mb-2">Stegasoo</h1> <h1 class="display-4 fw-bold mb-2">
Stegasoo
<span class="badge bg-success fs-6 ms-2">v3.2.0</span>
</h1>
<p class="lead text-muted mb-0">Hide encrypted data in plain sight.</p> <p class="lead text-muted mb-0">Hide encrypted data in plain sight.</p>
</div> </div>
</div> </div>
@@ -61,7 +64,7 @@
<div class="card-body text-center"> <div class="card-body text-center">
<h5 class="card-title">Generate</h5> <h5 class="card-title">Generate</h5>
<p class="card-text text-muted"> <p class="card-text text-muted">
Create weekly phrase cards, PINs, and RSA keys Create passphrases, PINs, and RSA keys
</p> </p>
</div> </div>
</div> </div>
@@ -69,7 +72,7 @@
</div> </div>
</div> </div>
<!-- Embedding Modes - New in v3.0 --> <!-- Embedding Modes -->
<div class="card mb-4"> <div class="card mb-4">
<div class="card-header"> <div class="card-header">
<h5 class="mb-0"><i class="bi bi-cpu me-2"></i>Embedding Modes</h5> <h5 class="mb-0"><i class="bi bi-cpu me-2"></i>Embedding Modes</h5>
@@ -118,7 +121,8 @@
</li> </li>
<li class="mb-1"> <li class="mb-1">
<i class="bi bi-chat-quote text-info me-2"></i> <i class="bi bi-chat-quote text-info me-2"></i>
<strong>Day Phrase</strong> 3-12 words, rotates daily <strong>Passphrase</strong> 4+ words
<span class="badge bg-success ms-1">v3.2.0</span>
</li> </li>
<li class="mb-1"> <li class="mb-1">
<i class="bi bi-123 text-info me-2"></i> <i class="bi bi-123 text-info me-2"></i>