From 6d64c69f0892ccebf7ed935fd3e93ebfe9466999 Mon Sep 17 00:00:00 2001 From: "Aaron D. Lee" Date: Wed, 31 Dec 2025 18:39:14 -0500 Subject: [PATCH] Home/about revamps. --- frontends/web/templates/about.html | 354 +++++++++++++++++------------ frontends/web/templates/index.html | 96 +++++--- 2 files changed, 270 insertions(+), 180 deletions(-) diff --git a/frontends/web/templates/about.html b/frontends/web/templates/about.html index 221b6fa..24b163d 100644 --- a/frontends/web/templates/about.html +++ b/frontends/web/templates/about.html @@ -22,22 +22,22 @@
  • Text & File Embedding -
    Hide messages or any file type (PDF, ZIP, documents) +
    Hide messages or any file type (PDF, ZIP, documents)
  • Multi-Factor Security -
    Combines photo + phrase + PIN/RSA key +
    Combines photo + phrase + PIN/RSA key
  • AES-256-GCM Encryption -
    Military-grade authenticated encryption +
    Military-grade authenticated encryption
  • Daily Rotating Phrases -
    Different passphrase each day of the week +
    Different passphrase each day of the week
  • @@ -45,23 +45,24 @@ @@ -69,6 +70,130 @@ + +
    +
    +
    Embedding Modes
    +
    +
    +

    + New in v3.0 + Stegasoo now supports two embedding modes, each optimized for different use cases. +

    + +
    + +
    +
    +
    + + LSB Mode + Default +
    +
    +

    + LSB (Least Significant Bit) embeds data in the lowest bit + of each color channel. Changing the LSB changes pixel values by at most 1, + which is imperceptible to the human eye. +

    +
      +
    • Capacity: ~375 KB per megapixel
    • +
    • Output: PNG (lossless)
    • +
    • Color: Full color preserved
    • +
    • Speed: Fast (~0.5s)
    • +
    +
    +
    + Email attachments
    + Cloud storage (Dropbox, Drive)
    + Direct file transfer
    + Social media (recompresses) +
    +
    +
    +
    + + +
    +
    +
    + + DCT Mode + v3.0 +
    +
    +

    + DCT (Discrete Cosine Transform) embeds data in frequency + coefficients rather than raw pixels. This survives JPEG recompression + because coefficients are preserved during re-encoding. +

    +
      +
    • Capacity: ~75 KB per megapixel
    • +
    • Output: JPEG or PNG
    • +
    • Color: Color or grayscale
    • +
    • Speed: Slower (~2s)
    • +
    +
    +
    + Instagram, Facebook
    + WhatsApp, Signal, Telegram
    + Twitter/X
    + Any platform that recompresses +
    +
    +
    +
    +
    + + +
    Comparison
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    AspectLSB ModeDCT Mode
    Capacity (1080p)~770 KB~50 KB
    Survives JPEG❌ No✅ Yes
    Social Media❌ Broken✅ Works
    Detection ResistanceModerateBetter
    DependenciesPillow, NumPy+ scipy, jpegio
    +
    + +
    + + Auto-Detection: When decoding, Stegasoo automatically detects whether + LSB or DCT mode was used. You don't need to specify the mode during decoding. +
    +
    +
    +
    How Security Works
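Review bot: the DCT capacity figures in the new Embedding Modes section disagree with each other. The DCT card says "Capacity: ~75 KB per megapixel", but the comparison row "Capacity (1080p)" gives ~50 KB, and a 1080p frame is about 2.07 MP, which at 75 KB/MP would be roughly 155 KB. The LSB row (~770 KB) does match ~375 KB/MP, so only the DCT number needs recomputing, or a short note saying what overhead accounts for the gap. The "Detection Resistance: Moderate / Better" row is stated without any basis on the page; qualify it or drop it.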
    @@ -122,7 +247,7 @@ {% if has_argon2 %} Argon2id Available Using Argon2id with 256MB memory cost — the winner of the Password Hashing Competition - and current best practice for key derivation. + and current best practice for key derivation. This makes GPU/ASIC attacks infeasible. {% else %} Argon2 Not Available Falling back to PBKDF2-SHA512 with 600,000 iterations. @@ -130,12 +255,21 @@ {% endif %}

    -
    Steganography Technique
    +
    Steganography Techniques

    - Uses LSB (Least Significant Bit) embedding with pseudo-random pixel selection. + LSB Mode: Uses Least Significant Bit embedding with pseudo-random pixel selection. The pixel locations are determined by a key derived from your credentials, making the hidden data's location unpredictable without the correct inputs.

    +

    + DCT Mode: Uses Discrete Cosine Transform embedding with Quantization Index Modulation (QIM). + Data is hidden in mid-frequency coefficients of 8×8 blocks, making it resilient to JPEG recompression. + {% if has_dct %} + DCT Available + {% else %} + DCT Requires scipy + {% endif %} +
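Review bot: "This makes GPU/ASIC attacks infeasible", added to the has_argon2 branch, overstates what a memory-hard KDF gives you. Argon2id at 256MB raises the cost of every guess, but the result still depends on how much entropy the photo, phrase and PIN carry; suggest "makes GPU/ASIC attacks far more expensive". In the DCT Mode paragraph, the fallback badge reads "DCT Requires scipy" while the comparison table lists "+ scipy, jpegio" as the DCT dependencies; name both or make the badge text generic.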

    @@ -145,8 +279,7 @@

    - New in v2.1 - Stegasoo now supports embedding any file type, not just text messages. + Stegasoo supports embedding any file type, not just text messages.

    @@ -174,152 +307,79 @@
    Tip: For larger files, compress them first (ZIP) to maximize capacity. - A 16MP carrier image can hold approximately 6MB of raw data, but we limit payloads - to {{ max_payload_kb }} KB for reasonable processing times. + Note that DCT mode has ~10× less capacity than LSB mode.
    - +
    -
    REST API
    +
    REST API

    FastAPI - Stegasoo includes a complete REST API built with FastAPI, featuring automatic documentation, - type validation, and comprehensive error handling. + Stegasoo includes a complete REST API with automatic documentation and type validation.

    -
    API Endpoints
    +
    Endpoints
    • POST /generate – Generate credentials
    • -
    • POST /encode – Encode text message (JSON)
    • -
    • POST /encode/file – Encode binary file (JSON)
    • -
    • POST /encode/multipart – Encode with file uploads
    • +
    • POST /encode – Encode text (JSON)
    • +
    • POST /encode/multipart – Encode with uploads
    • POST /decode – Decode message (JSON)
    • +
    • POST /decode/multipart – Decode with uploads
      -
    • POST /decode/multipart – Decode with file uploads
    • -
    • POST /extract-key-from-qr – Extract RSA key from QR
    • POST /image/info – Get image capacity
    • +
    • POST /extract-key-from-qr – Extract RSA from QR
    • GET / – API status and capabilities
    • +
    • GET /docs – Swagger documentation
    • +
    • GET /redoc – ReDoc documentation
    -
    - - Note: The /encode/multipart endpoint returns the PNG image directly - (with headers indicating metadata), while /decode/multipart returns JSON. - Use --output flag to save responses to files. -
    - -
    JSON API Examples
    -
    // Generate credentials
    -curl -X POST "http://localhost:8000/generate" \
    -  -H "Content-Type: application/json" \
    -  -d '{"use_pin": true, "use_rsa": false, "pin_length": 6, "words_per_phrase": 3}'
    -
    -// Encode text message (images must be base64 encoded first)
    -// First encode images: base64 -w0 photo.jpg > photo.b64
    -curl -X POST "http://localhost:8000/encode" \
    -  -H "Content-Type: application/json" \
    -  -d '{
    -    "message": "secret message",
    -    "reference_photo_base64": "'"$(cat photo.b64)"'",
    -    "carrier_image_base64": "'"$(cat carrier.b64)"'",
    -    "day_phrase": "apple forest thunder",
    -    "pin": "123456"
    -  }'
    -
    -// Encode file (base64) - encode file first: base64 -w0 document.pdf > doc.b64
    -curl -X POST "http://localhost:8000/encode/file" \
    -  -H "Content-Type: application/json" \
    -  -d '{
    -    "file_data_base64": "'"$(cat doc.b64)"'",
    -    "filename": "document.pdf",
    -    "reference_photo_base64": "'"$(cat photo.b64)"'",
    -    "carrier_image_base64": "'"$(cat carrier.b64)"'",
    -    "day_phrase": "apple forest thunder",
    -    "pin": "123456"
    -  }'
    - -
    Multipart API Examples
    -
    # Encode text with file uploads
    +                
    Example: DCT Encode
    +
    # Encode with DCT mode for social media
     curl -X POST "http://localhost:8000/encode/multipart" \
       -F "day_phrase=apple forest thunder" \
       -F "pin=123456" \
    +  -F "embedding_mode=dct" \
    +  -F "output_format=jpeg" \
       -F "reference_photo=@photo.jpg" \
    -  -F "carrier=@carrier.png" \
    -  -F "message=secret" \
    -  --output stego.png
    -
    -# Encode file (no message field when using payload_file)
    -curl -X POST "http://localhost:8000/encode/multipart" \
    -  -F "day_phrase=apple forest thunder" \
    -  -F "pin=123456" \
    -  -F "reference_photo=@photo.jpg" \
    -  -F "carrier=@carrier.png" \
    -  -F "payload_file=@document.pdf" \
    -  --output stego.png
    -
    -# Encode with RSA key from QR code (optional)
    -curl -X POST "http://localhost:8000/encode/multipart" \
    -  -F "day_phrase=apple forest thunder" \
    -  -F "pin=123456" \
    -  -F "reference_photo=@photo.jpg" \
    -  -F "carrier=@carrier.png" \
    -  -F "message=secret" \
    -  -F "rsa_key_qr=@keyqr.png" \
    -  --output stego.png
    -
    -# Decode with file uploads (returns JSON)
    -curl -X POST "http://localhost:8000/decode/multipart" \
    -  -F "day_phrase=apple forest thunder" \
    -  -F "pin=123456" \
    -  -F "reference_photo=@photo.jpg" \
    -  -F "stego_image=@stego.png" \
    -  --output result.json
    + -F "carrier=@meme.png" \ + -F "message=secret message" \ + --output stego.jpg
    -
    QR Code Support
    -

    - The API can extract RSA keys from QR code images. QR code reading requires - pyzbar and libzbar system library. -

    -
    # Extract key from QR code (returns JSON)
    -curl -X POST "http://localhost:8000/extract-key-from-qr" \
    -  -F "qr_image=@keyqr.png"
    - -
    - - Interactive Documentation: When running the API server, visit - /docs for Swagger UI or /redoc for ReDoc documentation. - All endpoints include detailed schemas and example requests. -
    - -
    Command Line Interface
    -

    - Stegasoo also includes a full-featured CLI. Install with pip install stegasoo[cli] - or see the CLI documentation for complete usage. -

    -
    # CLI Examples
    +                
    Command Line
    +
    # Generate credentials
     stegasoo generate --pin --words 3
    +
    +# Encode with LSB (default)
     stegasoo encode -r photo.jpg -c meme.png -p "phrase" --pin 123456 -m "secret"
    -stegasoo decode -r photo.jpg -s stego.png -p "phrase" --pin 123456
    -stegasoo info image.png
    + +# Encode with DCT for social media +stegasoo encode -r photo.jpg -c meme.png -p "phrase" --pin 123456 -m "secret" \ + --mode dct --format jpeg + +# Decode (auto-detects mode) +stegasoo decode -r photo.jpg -s stego.png -p "phrase" --pin 123456

    - {% if has_argon2 %}Argon2 Available{% else %}PBKDF2 Fallback{% endif %} + {% if has_argon2 %}Argon2{% else %}PBKDF2{% endif %} + + + {% if has_dct %}DCT Available{% else %}DCT Unavailable{% endif %} - {% if has_qrcode_read %}QR Reading Available{% else %}QR Reading Not Available{% endif %} + {% if has_qrcode_read %}QR Reading{% else %}No QR Reading{% endif %}
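Review bot: the added DCT examples, like the ones kept from before, pass the phrase and PIN as literal arguments (-F "pin=123456", --pin 123456), which leaves them in shell history and visible in the process list on a shared machine. These are the secrets the scheme depends on, so a one-line caution next to the Command Line block is worth adding. The decode example reads stego.png while the DCT encode just above it uses --format jpeg, so a reader following the DCT path has no matching decode line. The removed note said /encode/multipart returns the image directly while /decode/multipart returns JSON; if that behaviour is unchanged, keep the sentence, since the new example still relies on --output.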

    @@ -355,20 +415,24 @@ stegasoo info image.png

    1. Go to Encode
    2. -
    3. Upload your reference photo
    4. -
    5. Upload a carrier image (the image to hide data in)
    6. -
    7. Choose Text or File mode
    8. +
    9. Choose your embedding mode: +
        +
      • LSB – for email, cloud storage, direct transfer
      • +
      • DCT – for social media (Instagram, WhatsApp, etc.)
      • +
      +
    10. +
    11. Upload your reference photo and carrier image
    12. Enter your message or select a file to embed
    13. Enter today's phrase and your PIN/key
    14. Download the resulting stego image
    15. -
    16. Send the stego image through any channel (email, social media, etc.)
    17. +
    18. Send through any channel!
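Review bot: the final step, "Send through any channel!", contradicts the embedding-mode choice added earlier in this same list. The comparison table in this patch marks LSB as "Survives JPEG: No" and "Social Media: Broken", so an LSB stego image sent through a recompressing platform will not decode. Suggest wording such as "Send through a channel that matches the mode you chose".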
    @@ -378,7 +442,7 @@ stegasoo info image.png

    @@ -387,14 +451,14 @@ stegasoo info image.png
  • Go to Decode
  • Upload your reference photo (same one used for encoding)
  • Upload the stego image you received
  • -
  • Enter the phrase for the day it was encoded (check the filename for date)
  • +
  • Enter the phrase for the day it was encoded
  • Enter your PIN and/or RSA key
  • View the decoded message or download the extracted file
  • -
    - - The stego image filename contains the encoding date (e.g., abc123_20251228.png). - Use this to determine which day's phrase to use! +
    + + Auto-detection: Stegasoo automatically detects LSB vs DCT mode. + The filename contains the encoding date (e.g., abc123_20251231.png).
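Review bot: the decode step no longer tells the reader to check the filename for the date, and the replacement note relies on the file still being named like abc123_20251231.png when it arrives. On the DCT / social media path this patch promotes, the recipient may receive the file under a different name, so say how to choose the day's phrase when the date is not in the filename (for example, agree the date out of band).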
    @@ -408,11 +472,11 @@ stegasoo info image.png
    Limits & Specifications
    - +
    - + @@ -422,6 +486,14 @@ stegasoo info image.png + + + + + + + + @@ -440,15 +512,7 @@ stegasoo info image.png - - - - - - - - - +
    Max text message2 million characters (~2 MB)2 million characters
    Max file payload Max carrier image 24 megapixels (~6000×4000)
    LSB capacity~375 KB/megapixel
    DCT capacity~75 KB/megapixel
    Max upload size 30 MB
    Phrase length3-12 words (BIP-39 wordlist)
    API documentation/docs (Swagger) and /redoc
    QR code supportRSA key encoding/extraction (up to 3072 bit keys)3-12 words (BIP-39)
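Review bot: the new rows "LSB capacity ~375 KB/megapixel" and "DCT capacity ~75 KB/megapixel" give a 5× ratio, while the tip earlier in this file now says DCT mode has "~10× less capacity than LSB mode". Pick one figure and use it in both places, and state what the per-megapixel numbers assume (image type, header and encryption overhead) so the limits table can be checked against the 1080p comparison row.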
    @@ -459,7 +523,7 @@ stegasoo info image.png

    Stegasoo v{{ version }} • Open Source • - Built with Python, FastAPI, and cryptography + Built with Python, Flask/FastAPI, and cryptography

    diff --git a/frontends/web/templates/index.html b/frontends/web/templates/index.html index b958c92..bc73181 100644 --- a/frontends/web/templates/index.html +++ b/frontends/web/templates/index.html @@ -25,9 +25,9 @@
    -
    Encode Message
    +
    Encode

    - Hide and enrypt secret data in an image like a photo or meme. + Hide encrypted messages or files inside images

    @@ -42,9 +42,9 @@
    -
    Decode Message
    +
    Decode

    - Extract and decrypt data from Stegasoo-encoded images + Extract and decrypt hidden data from stego images

    @@ -59,9 +59,9 @@
    -
    Generate Keys
    +
    Generate

    - Create weekly phrase card with PIN and/or RSA key. + Create weekly phrase cards, PINs, and RSA keys

    @@ -69,51 +69,77 @@ -
    + +
    +
    Embedding Modes
    +
    +
    +
    +
    +
    + + LSB Mode + Default +
    + Higher capacity (~375 KB/MP)
    + Best for email & file transfer +
    +
    +
    +
    +
    + + DCT Mode + v3.0 +
    + Survives JPEG recompression
    + Best for social media +
    +
    +
    +
    +
    +
    + +
    +
    How It Works
    + Learn More
    -
    Key Components
    -
      -
    • +
      You Provide
      +
        +
      • - Reference Photo: Any photo you and recipient both have + Reference Photo – shared secret image
      • -
      • +
      • - Day Phrase: 3 to 12 words, one for each day of the week + Day Phrase – 3-12 words, rotates daily
      • -
      • - - RSA Key: 2048, 3072, or 4096 bit PEM or printable QR code -
      • -
      • +
      • - Static PIN: 6-9 digits, same every day + PIN – 6-9 digits (and/or RSA key)
    -
    Security Features
    -
      -
    • - - Perfect for async communication and use on air-gapped devices -
    • -
    • - - Argon2id memory-hard key derivation (256MB) -
    • -
    • - - Pseudo-random pixel selection (defeats steganalysis) -
    • -
    • +
      We Provide
      +
        +
      • - AES-256-GCM authenticated encryption + AES-256-GCM encryption +
      • +
      • + + Argon2id key derivation (256MB) +
      • +
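Review bot: "Argon2id key derivation (256MB)" in the "We Provide" list is unconditional, but about.html in this same patch branches on has_argon2 and falls back to PBKDF2-SHA512 with 600,000 iterations when Argon2 is missing. If has_argon2 is available to index.html, wrap this item in the same check so the home page does not advertise a KDF the install is not using. Dropping the RSA key sizes (2048, 3072, or 4096 bit) from the "You Provide" list also leaves the supported sizes unstated on this page.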
      • + + Pseudo-random embedding