alee/stegasoo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added password-protect PEM support.

Browse Source
This commit is contained in:
Aaron D. Lee
2025-12-27 20:22:25 -05:00
parent 2abb458c57
commit ee937c832f
5 changed files with 687 additions and 225 deletions
Download Patch File Download Diff File Expand all files Collapse all files

377
app.py
View File

@@ -1,34 +1,31 @@
#!/usr/bin/env python3
"""
Stegasoo: Stegonography portal, for security-mided messagin demo.
Stegasoo: Steganography portal for security-minded messaging.
Aaron D. Lee (w/ vibes)
2025-12-27
Right Now: It's a stupid bootstrap looking portal that works.
Future: Socials, Slack, and Matrix server channel watcher function to encode/send/decode
messages in real-time from a configurable memes or photos channel.
Built as a learning experience with a few LLMs to see if I can make something decent.
"""
import os
import io
import re
import secrets
import hashlib
import struct
import time
import threading
from datetime import datetime
from flask import Flask, render_template, request, send_file, jsonify, flash, redirect, url_for
from werkzeug.utils import secure_filename
from PIL import Image
from secureDeleter import SecureDeleter
#from story_generator import generate_all_stories, HAS_ML
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import load_pem_private_key
try:
from argon2.low_level import hash_secret_raw, Type
@@ -38,6 +35,8 @@ except ImportError:
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives import hashes
HAS_ML = False # Story generator disabled
# ============================================================================
# FLASK APP CONFIGURATION
# ============================================================================
@@ -50,6 +49,10 @@ app.config['UPLOAD_FOLDER'] = '/tmp/stego_uploads'
# Limits
MAX_IMAGE_PIXELS = 4000000 # 4 megapixels max (e.g., 2000x2000)
MAX_MESSAGE_SIZE = 50000 # 50KB message max
MIN_PIN_LENGTH = 6
MAX_PIN_LENGTH = 9
MIN_RSA_BITS = 2048
VALID_RSA_SIZES = [2048, 3072, 4096]
os.makedirs(app.config['UPLOAD_FOLDER'], exist_ok=True)
@@ -94,7 +97,6 @@ def secure_cleanup_uploads():
deleter = SecureDeleter(filepath)
deleter.execute()
except Exception as e:
# Fallback to regular delete
os.remove(filepath)
@@ -106,18 +108,139 @@ def cleanup_temp_files():
TEMP_FILES.pop(fid, None)
# ============================================================================
# HELPER FUNCTIONS
# VALIDATION FUNCTIONS
# ============================================================================
def allowed_file(filename):
return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
def validate_pin(pin):
"""Validate PIN format: 6-9 digits, no leading zeros."""
if not pin:
return True, "" # Empty PIN is valid (if RSA key provided)
if not pin.isdigit():
return False, "PIN must contain only digits"
if len(pin) < MIN_PIN_LENGTH or len(pin) > MAX_PIN_LENGTH:
return False, f"PIN must be {MIN_PIN_LENGTH}-{MAX_PIN_LENGTH} digits"
if pin[0] == '0':
return False, "PIN cannot start with zero"
return True, ""
def validate_message(message):
"""Validate message size."""
if not message:
return False, "Message is required"
if len(message) > MAX_MESSAGE_SIZE:
return False, f"Message too long. Max {MAX_MESSAGE_SIZE // 1000}KB allowed"
return True, ""
def validate_image(image_data, name="Image"):
"""Validate image data and dimensions."""
try:
img = Image.open(io.BytesIO(image_data))
width, height = img.size
num_pixels = width * height
if num_pixels > MAX_IMAGE_PIXELS:
max_dim = int(MAX_IMAGE_PIXELS ** 0.5)
return False, f"{name} too large ({width}x{height} = {num_pixels:,} pixels). Max ~{MAX_IMAGE_PIXELS:,} pixels ({max_dim}x{max_dim})"
return True, ""
except Exception as e:
return False, f"Could not read {name}: {str(e)}"
def validate_rsa_key(key_data, password=None):
"""
Validate RSA private key.
Returns (is_valid, error_message, key_size_bits)
"""
if not key_data:
return True, "", 0 # Empty key is valid (if PIN provided)
try:
# Try to load the key
if password:
private_key = load_pem_private_key(key_data, password=password.encode(), backend=default_backend())
else:
# Try without password first
try:
private_key = load_pem_private_key(key_data, password=None, backend=default_backend())
except TypeError:
# Key is encrypted but no password provided
return False, "RSA key is password-protected. Please enter the password.", 0
# Check key size
key_size = private_key.key_size
if key_size < MIN_RSA_BITS:
return False, f"RSA key must be at least {MIN_RSA_BITS} bits (got {key_size})", 0
return True, "", key_size
except ValueError as e:
if "password" in str(e).lower() or "encrypted" in str(e).lower():
return False, "Incorrect password for RSA key", 0
return False, f"Invalid RSA key format: {str(e)}", 0
except Exception as e:
return False, f"Could not load RSA key: {str(e)}", 0
def validate_security_factors(pin, rsa_key_data):
"""Ensure at least one security factor is provided."""
has_pin = bool(pin and pin.strip())
has_key = bool(rsa_key_data and len(rsa_key_data) > 0)
if not has_pin and not has_key:
return False, "You must provide at least a PIN or RSA Key"
return True, ""
# ============================================================================
# RSA KEY GENERATION
# ============================================================================
def generate_rsa_key(bits=2048):
"""Generate RSA private key."""
if bits not in VALID_RSA_SIZES:
bits = 2048
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=bits,
backend=default_backend()
)
return private_key
def export_rsa_key_pem(private_key, password=None):
"""Export RSA key to PEM format, optionally encrypted."""
if password:
encryption = serialization.BestAvailableEncryption(password.encode())
else:
encryption = serialization.NoEncryption()
pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=encryption
)
return pem
# ============================================================================
# HELPER FUNCTIONS
# ============================================================================
def generate_pin(length=6):
"""Generate a random PIN of specified length (6-8 digits)."""
"""Generate a random PIN of specified length (6-9 digits)."""
length = max(MIN_PIN_LENGTH, min(MAX_PIN_LENGTH, length))
first_digit = str(secrets.randbelow(9) + 1) # 1-9
rest = ''.join(str(secrets.randbelow(10)) for _ in range(length - 1)) # 0-9
rest = ''.join(str(secrets.randbelow(10)) for _ in range(length - 1))
return first_digit + rest
def generate_day_phrases(words_per_phrase=3):
phrases = {}
for day in DAY_NAMES:
@@ -136,8 +259,8 @@ def hash_photo(image_data):
return h
def derive_hybrid_key(photo_data, day_phrase, date_str, salt, pin=""):
"""Derive encryption key from photo + phrase + PIN + date + salt."""
def derive_hybrid_key(photo_data, day_phrase, date_str, salt, pin="", rsa_key_data=None):
"""Derive encryption key from photo + phrase + PIN + RSA key + date + salt."""
photo_hash = hash_photo(photo_data)
key_material = (
@@ -148,6 +271,10 @@ def derive_hybrid_key(photo_data, day_phrase, date_str, salt, pin=""):
salt
)
# Add RSA key hash if provided
if rsa_key_data:
key_material += hashlib.sha256(rsa_key_data).digest()
if HAS_ARGON2:
key = hash_secret_raw(
secret=key_material,
@@ -171,20 +298,23 @@ def derive_hybrid_key(photo_data, day_phrase, date_str, salt, pin=""):
return key
def derive_pixel_key(photo_data, day_phrase, date_str, pin=""):
def derive_pixel_key(photo_data, day_phrase, date_str, pin="", rsa_key_data=None):
"""Derive key for pixel selection."""
photo_hash = hash_photo(photo_data)
material = photo_hash + day_phrase.lower().encode() + pin.encode() + date_str.encode()
if rsa_key_data:
material += hashlib.sha256(rsa_key_data).digest()
return hashlib.sha256(material + b"pixel_selection").digest()
def encrypt_message(message, photo_data, day_phrase, date_str, pin=""):
def encrypt_message(message, photo_data, day_phrase, date_str, pin="", rsa_key_data=None):
"""Encrypt message using hybrid key derivation."""
salt = secrets.token_bytes(SALT_SIZE)
key = derive_hybrid_key(photo_data, day_phrase, date_str, salt, pin)
key = derive_hybrid_key(photo_data, day_phrase, date_str, salt, pin, rsa_key_data)
iv = secrets.token_bytes(IV_SIZE)
# Random padding
if isinstance(message, str):
message = message.encode()
@@ -214,14 +344,8 @@ def encrypt_message(message, photo_data, day_phrase, date_str, pin=""):
def generate_pixel_indices(key, num_pixels, num_needed):
"""
Generate pseudo-random pixel indices.
Optimized: Instead of shuffling ALL pixels (slow for large images),
we generate indices directly using PRNG and handle collisions.
"""
"""Generate pseudo-random pixel indices."""
if num_needed >= num_pixels // 2:
# If we need many pixels, fall back to shuffle (rare case)
nonce = b'\x00' * 16
cipher = Cipher(algorithms.ChaCha20(key, nonce), mode=None, backend=default_backend())
encryptor = cipher.encryptor()
@@ -236,18 +360,14 @@ def generate_pixel_indices(key, num_pixels, num_needed):
return indices[:num_needed]
# Optimized path: generate indices directly
# Use key to seed selection, ensuring deterministic results
selected = []
used = set()
# Generate random bytes for index selection
nonce = b'\x00' * 16
cipher = Cipher(algorithms.ChaCha20(key, nonce), mode=None, backend=default_backend())
encryptor = cipher.encryptor()
# Generate more than needed to handle collisions
bytes_needed = (num_needed * 2) * 4 # 4 bytes per index, 2x for collisions
bytes_needed = (num_needed * 2) * 4
random_bytes = encryptor.update(b'\x00' * bytes_needed)
byte_offset = 0
@@ -259,7 +379,6 @@ def generate_pixel_indices(key, num_pixels, num_needed):
used.add(idx)
selected.append(idx)
# If we still need more (very unlikely), generate additional
while len(selected) < num_needed:
extra_bytes = encryptor.update(b'\x00' * 4)
idx = int.from_bytes(extra_bytes, 'big') % num_pixels
@@ -343,7 +462,6 @@ def extract_from_image(image_data, pixel_key, bits_per_channel=1):
num_pixels = len(pixels)
bits_per_pixel = 3 * bits_per_channel
# First extract enough to get length
initial_pixels = (32 + bits_per_pixel - 1) // bits_per_pixel + 10
initial_indices = generate_pixel_indices(pixel_key, num_pixels, initial_pixels)
@@ -407,13 +525,13 @@ def parse_header(encrypted_data):
return {'date': date_str, 'salt': salt, 'iv': iv, 'tag': tag, 'ciphertext': ciphertext}
def decrypt_message(encrypted_data, photo_data, day_phrase, pin=""):
def decrypt_message(encrypted_data, photo_data, day_phrase, pin="", rsa_key_data=None):
"""Decrypt message."""
header = parse_header(encrypted_data)
if not header:
return None
key = derive_hybrid_key(photo_data, day_phrase, header['date'], header['salt'], pin)
key = derive_hybrid_key(photo_data, day_phrase, header['date'], header['salt'], pin, rsa_key_data)
cipher = Cipher(
algorithms.AES(key),
@@ -444,28 +562,42 @@ def index():
def generate():
if request.method == 'POST':
words_per_phrase = int(request.form.get('words_per_phrase', 3))
pin_length = int(request.form.get('pin_length', 6))
# Disable generate_stories for now (until much better)
#generate_stories = request.form.get('generate_stories') == 'on'
generate_stories = request.form.get('generate_stories') == 'off'
# Security factor options
use_pin = request.form.get('use_pin') == 'on'
use_rsa = request.form.get('use_rsa') == 'on'
# Validate at least one factor selected
if not use_pin and not use_rsa:
flash('You must select at least one security factor (PIN or RSA Key)', 'error')
return render_template('generate.html', generated=False, has_ml=HAS_ML)
pin_length = int(request.form.get('pin_length', 6))
rsa_bits = int(request.form.get('rsa_bits', 2048))
# Clamp values to valid ranges
words_per_phrase = max(3, min(12, words_per_phrase))
pin_length = max(6, min(8, pin_length))
pin_length = max(MIN_PIN_LENGTH, min(MAX_PIN_LENGTH, pin_length))
if rsa_bits not in VALID_RSA_SIZES:
rsa_bits = 2048
phrases = generate_day_phrases(words_per_phrase)
pin = generate_pin(pin_length)
# Generate PIN if selected
pin = generate_pin(pin_length) if use_pin else None
# Generate RSA key if selected
rsa_key_pem = None
if use_rsa:
private_key = generate_rsa_key(rsa_bits)
rsa_key_pem = export_rsa_key_pem(private_key, password=None).decode('utf-8')
# Calculate entropy
phrase_entropy = words_per_phrase * 11 # ~11 bits per BIP-39 word
pin_entropy = int(pin_length * 3.32) # log2(10) ≈ 3.32 bits per digit
total_entropy = phrase_entropy + pin_entropy
# Generate memory aid stories if requested
stories = None
if generate_stories:
stories = generate_all_stories(phrases, use_ml=HAS_ML)
phrase_entropy = words_per_phrase * 11
pin_entropy = int(pin_length * 3.32) if use_pin else 0
# RSA key adds significant entropy (conservatively estimate effective security)
rsa_entropy = min(rsa_bits // 16, 128) if use_rsa else 0 # ~128 bits effective for 2048-bit
total_entropy = phrase_entropy + pin_entropy + rsa_entropy
return render_template('generate.html',
phrases=phrases,
@@ -473,15 +605,56 @@ def generate():
days=DAY_NAMES,
generated=True,
words_per_phrase=words_per_phrase,
pin_length=pin_length,
pin_length=pin_length if use_pin else None,
use_pin=use_pin,
use_rsa=use_rsa,
rsa_bits=rsa_bits,
rsa_key_pem=rsa_key_pem,
phrase_entropy=phrase_entropy,
pin_entropy=pin_entropy,
rsa_entropy=rsa_entropy,
total_entropy=total_entropy,
stories=stories,
has_ml=HAS_ML)
return render_template('generate.html', generated=False, has_ml=HAS_ML)
@app.route('/generate/download-key', methods=['POST'])
def download_key():
"""Download RSA key as password-protected PEM file."""
key_pem = request.form.get('key_pem', '')
password = request.form.get('key_password', '')
if not key_pem:
flash('No key to download', 'error')
return redirect(url_for('generate'))
if not password or len(password) < 8:
flash('Password must be at least 8 characters', 'error')
return redirect(url_for('generate'))
try:
# Load the unencrypted key
private_key = load_pem_private_key(key_pem.encode(), password=None, backend=default_backend())
# Re-export with password protection
encrypted_pem = export_rsa_key_pem(private_key, password=password)
# Generate filename
key_id = secrets.token_hex(4)
filename = f'stegasoo_key_{private_key.key_size}_{key_id}.pem'
return send_file(
io.BytesIO(encrypted_pem),
mimetype='application/x-pem-file',
as_attachment=True,
download_name=filename
)
except Exception as e:
flash(f'Error creating key file: {str(e)}', 'error')
return redirect(url_for('generate'))
@app.route('/encode', methods=['GET', 'POST'])
def encode():
day_of_week = datetime.now().strftime("%A")
@@ -491,6 +664,7 @@ def encode():
# Get files
ref_photo = request.files.get('reference_photo')
carrier = request.files.get('carrier')
rsa_key_file = request.files.get('rsa_key')
if not ref_photo or not carrier:
flash('Both reference photo and carrier image are required', 'error')
@@ -503,55 +677,72 @@ def encode():
# Get form data
message = request.form.get('message', '')
day_phrase = request.form.get('day_phrase', '')
pin = request.form.get('pin', '')
pin = request.form.get('pin', '').strip()
rsa_password = request.form.get('rsa_password', '')
if not message or not day_phrase:
flash('Message and day phrase are required', 'error')
# Validate message
valid, error = validate_message(message)
if not valid:
flash(error, 'error')
return render_template('encode.html', day_of_week=day_of_week)
# Check message size
if len(message) > MAX_MESSAGE_SIZE:
flash(f'Message too long. Max {MAX_MESSAGE_SIZE // 1000}KB allowed.', 'error')
if not day_phrase:
flash('Day phrase is required', 'error')
return render_template('encode.html', day_of_week=day_of_week)
# Read files
ref_data = ref_photo.read()
carrier_data = carrier.read()
rsa_key_data = rsa_key_file.read() if rsa_key_file and rsa_key_file.filename else None
# Validate carrier image dimensions
try:
carrier_img = Image.open(io.BytesIO(carrier_data))
width, height = carrier_img.size
num_pixels = width * height
if num_pixels > MAX_IMAGE_PIXELS:
max_dim = int(MAX_IMAGE_PIXELS ** 0.5)
flash(f'Carrier image too large ({width}x{height} = {num_pixels:,} pixels). '
f'Max ~{MAX_IMAGE_PIXELS:,} pixels ({max_dim}x{max_dim}). '
f'Please resize your image.', 'error')
return render_template('encode.html', day_of_week=day_of_week)
except Exception as e:
flash(f'Could not read carrier image: {str(e)}', 'error')
# Validate security factors
valid, error = validate_security_factors(pin, rsa_key_data)
if not valid:
flash(error, 'error')
return render_template('encode.html', day_of_week=day_of_week)
# Get date
# Validate PIN if provided
if pin:
valid, error = validate_pin(pin)
if not valid:
flash(error, 'error')
return render_template('encode.html', day_of_week=day_of_week)
# Validate RSA key if provided
if rsa_key_data:
valid, error, key_size = validate_rsa_key(rsa_key_data, rsa_password if rsa_password else None)
if not valid:
flash(error, 'error')
return render_template('encode.html', day_of_week=day_of_week)
# Validate carrier image
valid, error = validate_image(carrier_data, "Carrier image")
if not valid:
flash(error, 'error')
return render_template('encode.html', day_of_week=day_of_week)
# Get date - use client's local date if provided
client_date = request.form.get('client_date', '').strip()
if client_date and len(client_date) == 10 and client_date[4] == '-' and client_date[7] == '-':
date_str = client_date
else:
date_str = datetime.now().strftime('%Y-%m-%d')
# Encrypt
encrypted = encrypt_message(message, ref_data, day_phrase, date_str, pin)
encrypted = encrypt_message(message, ref_data, day_phrase, date_str, pin, rsa_key_data)
# Get pixel key
pixel_key = derive_pixel_key(ref_data, day_phrase, date_str, pin)
pixel_key = derive_pixel_key(ref_data, day_phrase, date_str, pin, rsa_key_data)
# Embed
stego_data, stats = embed_in_image(carrier_data, encrypted, pixel_key)
# Generate filename and file ID
filename = f'{secrets.token_hex(4)}_{datetime.now().strftime("%Y%m%d")}.png'
filename = f'{secrets.token_hex(4)}_{date_str.replace("-", "")}.png'
file_id = secrets.token_urlsafe(16)
# Store temporarily for download/share
cleanup_temp_files() # Clean old files first
cleanup_temp_files()
TEMP_FILES[file_id] = {
'data': stego_data,
'filename': filename,
@@ -625,6 +816,7 @@ def decode():
# Get files
ref_photo = request.files.get('reference_photo')
stego_image = request.files.get('stego_image')
rsa_key_file = request.files.get('rsa_key')
if not ref_photo or not stego_image:
flash('Both reference photo and stego image are required', 'error')
@@ -632,7 +824,8 @@ def decode():
# Get form data
day_phrase = request.form.get('day_phrase', '')
pin = request.form.get('pin', '')
pin = request.form.get('pin', '').strip()
rsa_password = request.form.get('rsa_password', '')
if not day_phrase:
flash('Day phrase is required', 'error')
@@ -641,32 +834,50 @@ def decode():
# Read files
ref_data = ref_photo.read()
stego_data = stego_image.read()
rsa_key_data = rsa_key_file.read() if rsa_key_file and rsa_key_file.filename else None
# Validate security factors
valid, error = validate_security_factors(pin, rsa_key_data)
if not valid:
flash(error, 'error')
return render_template('decode.html')
# Validate PIN if provided
if pin:
valid, error = validate_pin(pin)
if not valid:
flash(error, 'error')
return render_template('decode.html')
# Validate RSA key if provided
if rsa_key_data:
valid, error, key_size = validate_rsa_key(rsa_key_data, rsa_password if rsa_password else None)
if not valid:
flash(error, 'error')
return render_template('decode.html')
# Try to extract and decrypt
# We need to try with today's date first for pixel key
date_str = datetime.now().strftime('%Y-%m-%d')
pixel_key = derive_pixel_key(ref_data, day_phrase, date_str, pin)
pixel_key = derive_pixel_key(ref_data, day_phrase, date_str, pin, rsa_key_data)
encrypted = extract_from_image(stego_data, pixel_key)
if encrypted:
# Parse to get actual date
header = parse_header(encrypted)
if header and header['date'] != date_str:
# Re-extract with correct date
pixel_key = derive_pixel_key(ref_data, day_phrase, header['date'], pin)
pixel_key = derive_pixel_key(ref_data, day_phrase, header['date'], pin, rsa_key_data)
encrypted = extract_from_image(stego_data, pixel_key)
if not encrypted:
flash('Could not extract data. Check your inputs.', 'error')
return render_template('decode.html')
message = decrypt_message(encrypted, ref_data, day_phrase, pin)
message = decrypt_message(encrypted, ref_data, day_phrase, pin, rsa_key_data)
if message:
return render_template('decode.html', decoded_message=message)
else:
flash('Decryption failed. Wrong phrase, PIN, or reference photo.', 'error')
flash('Decryption failed. Wrong phrase, PIN, RSA key, or reference photo.', 'error')
return render_template('decode.html')
except Exception as e:

9
static/style.css
View File

@@ -226,6 +226,15 @@ footer {
background: rgba(0, 0, 0, 0.2);
}
/* ----------------------------------------------------------------------------
Custom Alert Variants
---------------------------------------------------------------------------- */
.alert-success-bright {
background: rgba(34, 197, 94, 0.2);
border-color: #22c55e;
color: #4ade80;
}
/* ----------------------------------------------------------------------------
Utility Classes
---------------------------------------------------------------------------- */

103
templates/decode.html
View File

@@ -49,7 +49,7 @@
<label class="form-label">
<i class="bi bi-file-earmark-image me-1"></i> Stego Image
</label>
<div class="drop-zone">
<div class="drop-zone" id="stegoDropZone">
<input type="file" name="stego_image" accept="image/*" required>
<div class="drop-zone-label">
<i class="bi bi-cloud-arrow-up fs-3 d-block mb-2 text-muted"></i>
@@ -63,9 +63,8 @@
</div>
</div>
<div class="row">
<div class="col-md-8 mb-3">
<label class="form-label">
<div class="mb-3">
<label class="form-label" id="dayPhraseLabel">
<i class="bi bi-chat-quote me-1"></i> Day Phrase
</label>
<input type="text" name="day_phrase" class="form-control"
@@ -75,16 +74,47 @@
</div>
</div>
<div class="col-md-4 mb-3">
<hr class="my-4">
<h6 class="text-muted mb-3">
SECURITY FACTORS
<span class="text-warning small">(provide same factors used during encoding)</span>
</h6>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">
<i class="bi bi-123 me-1"></i> PIN
</label>
<input type="password" name="pin" class="form-control"
placeholder="123456" maxlength="10">
<input type="password" name="pin" class="form-control" id="pinInput"
placeholder="6-9 digits" maxlength="9">
<div class="form-text">
Your static 6-digit PIN
If PIN was used during encoding
</div>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">
<i class="bi bi-file-earmark-lock me-1"></i> RSA Key
</label>
<input type="file" name="rsa_key" class="form-control" id="rsaKeyInput"
accept=".pem,.key">
<div class="form-text">
If RSA key was used during encoding
</div>
</div>
</div>
<!-- RSA Key Password (shown when key selected) -->
<div class="mb-3 d-none" id="rsaPasswordGroup">
<label class="form-label">
<i class="bi bi-key me-1"></i> RSA Key Password
</label>
<input type="password" name="rsa_password" class="form-control"
placeholder="Password for the .pem file (if encrypted)">
<div class="form-text">
Leave blank if your key file is not password-protected
</div>
</div>
<button type="submit" class="btn btn-primary btn-lg w-100" id="decodeBtn">
@@ -108,13 +138,17 @@
<i class="bi bi-dot"></i>
Use the phrase for the <strong>day the message was encoded</strong>, not today
</li>
<li class="mb-2">
<i class="bi bi-dot"></i>
Provide the <strong>same security factors</strong> (PIN and/or RSA key) used during encoding
</li>
<li class="mb-2">
<i class="bi bi-dot"></i>
Ensure the stego image hasn't been <strong>resized or recompressed</strong>
</li>
<li class="mb-0">
<i class="bi bi-dot"></i>
Double-check your <strong>PIN</strong> is correct
If using an RSA key, make sure the <strong>password is correct</strong>
</li>
</ul>
</div>
@@ -132,13 +166,44 @@ document.getElementById('decodeForm')?.addEventListener('submit', function() {
btn.disabled = true;
});
// Show RSA password field when key is selected
const rsaKeyInput = document.getElementById('rsaKeyInput');
const rsaPasswordGroup = document.getElementById('rsaPasswordGroup');
rsaKeyInput?.addEventListener('change', function() {
rsaPasswordGroup.classList.toggle('d-none', !this.files.length);
});
// Day names for date detection
const dayNames = ['Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'];
// Detect day from filename
function detectDayFromFilename(filename) {
const dateMatch = filename.match(/_(\d{4})[-]?(\d{2})[-]?(\d{2})/);
if (dateMatch) {
const [, year, month, day] = dateMatch;
const date = new Date(year, month - 1, day);
return dayNames[date.getDay()];
}
return null;
}
// Update day phrase label
function updateDayLabel(dayName) {
const label = document.getElementById('dayPhraseLabel');
if (label && dayName) {
label.innerHTML = `<i class="bi bi-chat-quote me-1"></i> ${dayName}'s Phrase`;
}
}
// Drag & drop with preview
document.querySelectorAll('.drop-zone').forEach(zone => {
const input = zone.querySelector('input[type="file"]');
const label = zone.querySelector('.drop-zone-label');
const preview = zone.querySelector('.drop-zone-preview');
const isStegoZone = zone.id === 'stegoDropZone';
// Drag events
['dragenter', 'dragover'].forEach(evt => {
zone.addEventListener(evt, e => {
e.preventDefault();
@@ -153,18 +218,28 @@ document.querySelectorAll('.drop-zone').forEach(zone => {
});
});
// Handle drop
zone.addEventListener('drop', e => {
if (e.dataTransfer.files.length) {
input.files = e.dataTransfer.files;
showPreview(e.dataTransfer.files[0]);
const file = e.dataTransfer.files[0];
showPreview(file);
if (isStegoZone) {
const dayName = detectDayFromFilename(file.name);
updateDayLabel(dayName);
}
}
});
// Handle click selection
input.addEventListener('change', function() {
if (this.files && this.files[0]) {
showPreview(this.files[0]);
const file = this.files[0];
showPreview(file);
if (isStegoZone) {
const dayName = detectDayFromFilename(file.name);
updateDayLabel(dayName);
}
}
});

80
templates/encode.html
View File

@@ -11,6 +11,8 @@
</div>
<div class="card-body">
<form method="POST" enctype="multipart/form-data" id="encodeForm">
<input type="hidden" name="client_date" id="clientDate" value="">
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">
@@ -64,9 +66,8 @@
</div>
</div>
<div class="row">
<div class="col-md-8 mb-3">
<label class="form-label">
<div class="mb-3">
<label class="form-label" id="dayPhraseLabel">
<i class="bi bi-chat-quote me-1"></i> {{ day_of_week }}'s Phrase
</label>
<input type="text" name="day_phrase" class="form-control"
@@ -76,16 +77,47 @@
</div>
</div>
<div class="col-md-4 mb-3">
<hr class="my-4">
<h6 class="text-muted mb-3">
SECURITY FACTORS
<span class="text-warning small">(provide at least one: PIN or RSA Key)</span>
</h6>
<div class="row">
<div class="col-md-6 mb-3">
<label class="form-label">
<i class="bi bi-123 me-1"></i> PIN
</label>
<input type="password" name="pin" class="form-control"
placeholder="123456" maxlength="10">
<input type="password" name="pin" class="form-control" id="pinInput"
placeholder="6-9 digits" maxlength="9">
<div class="form-text">
Your static 6-digit PIN
Your static 6-9 digit PIN (if configured)
</div>
</div>
<div class="col-md-6 mb-3">
<label class="form-label">
<i class="bi bi-file-earmark-lock me-1"></i> RSA Key
</label>
<input type="file" name="rsa_key" class="form-control" id="rsaKeyInput"
accept=".pem,.key">
<div class="form-text">
Your shared .pem key file (if configured)
</div>
</div>
</div>
<!-- RSA Key Password (shown when key selected) -->
<div class="mb-3 d-none" id="rsaPasswordGroup">
<label class="form-label">
<i class="bi bi-key me-1"></i> RSA Key Password
</label>
<input type="password" name="rsa_password" class="form-control"
placeholder="Password for the .pem file (if encrypted)">
<div class="form-text">
Leave blank if your key file is not password-protected
</div>
</div>
<button type="submit" class="btn btn-primary btn-lg w-100" id="encodeBtn">
@@ -125,6 +157,34 @@
{% block scripts %}
<script>
// Detect client's local date and day
const now = new Date();
const dayNames = ['Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday'];
const localDay = dayNames[now.getDay()];
const localDate = now.getFullYear() + '-' +
String(now.getMonth() + 1).padStart(2, '0') + '-' +
String(now.getDate()).padStart(2, '0');
// Update day label to client's local day
const dayLabel = document.getElementById('dayPhraseLabel');
if (dayLabel) {
dayLabel.innerHTML = `<i class="bi bi-chat-quote me-1"></i> ${localDay}'s Phrase`;
}
// Set hidden field with client's local date for server
const dateInput = document.getElementById('clientDate');
if (dateInput) {
dateInput.value = localDate;
}
// Show RSA password field when key is selected
const rsaKeyInput = document.getElementById('rsaKeyInput');
const rsaPasswordGroup = document.getElementById('rsaPasswordGroup');
rsaKeyInput.addEventListener('change', function() {
rsaPasswordGroup.classList.toggle('d-none', !this.files.length);
});
// Form submit loading state
document.getElementById('encodeForm').addEventListener('submit', function(e) {
const btn = document.getElementById('encodeBtn');
@@ -146,10 +206,7 @@ messageInput.addEventListener('input', function() {
const pct = Math.round((len / maxChars) * 100);
charPercent.textContent = pct + '%';
// Warning at 80%
charWarning.classList.toggle('d-none', len < maxChars * 0.8);
// Red text when near/over limit
charCount.classList.toggle('text-danger', len > maxChars * 0.95);
});
@@ -159,7 +216,6 @@ document.querySelectorAll('.drop-zone').forEach(zone => {
const label = zone.querySelector('.drop-zone-label');
const preview = zone.querySelector('.drop-zone-preview');
// Drag events
['dragenter', 'dragover'].forEach(evt => {
zone.addEventListener(evt, e => {
e.preventDefault();
@@ -174,7 +230,6 @@ document.querySelectorAll('.drop-zone').forEach(zone => {
});
});
// Handle drop
zone.addEventListener('drop', e => {
if (e.dataTransfer.files.length) {
input.files = e.dataTransfer.files;
@@ -182,7 +237,6 @@ document.querySelectorAll('.drop-zone').forEach(zone => {
}
});
// Handle click selection
input.addEventListener('change', function() {
if (this.files && this.files[0]) {
showPreview(this.files[0]);

265
templates/generate.html
View File

@@ -1,23 +1,22 @@
{% extends "base.html" %}
{% block title %}Generate Phrase Card - Stegasoo{% endblock %}
{% block title %}Generate Credentials - Stegasoo{% endblock %}
{% block content %}
<div class="row justify-content-center">
<div class="col-lg-8">
<div class="card">
<div class="card-header">
<h5 class="mb-0"><i class="bi bi-key-fill me-2"></i>Generate Phrase Card + PIN</h5>
<h5 class="mb-0"><i class="bi bi-key-fill me-2"></i>Generate Credentials</h5>
</div>
<div class="card-body">
{% if not generated %}
<p class="text-muted mb-4">
Generate your weekly phrase card and static PIN. Customize your security level:
Generate your weekly phrase card and security factors. You must choose at least one: PIN or RSA Key.
</p>
<form method="POST">
<div class="row">
<div class="col-md-6 mb-3">
<form method="POST" id="generateForm">
<div class="mb-4">
<label class="form-label">Words per phrase</label>
<select name="words_per_phrase" class="form-select" id="wordsSelect">
<option value="3" selected>3 words (~33 bits)</option>
@@ -34,20 +33,56 @@
<div class="form-text">More words = more security, harder to memorize</div>
</div>
<div class="col-md-6 mb-3">
<hr class="my-4">
<h6 class="text-muted mb-3">SECURITY FACTORS <span class="text-warning">(select at least one)</span></h6>
<!-- PIN Option -->
<div class="card mb-3" style="background: rgba(0,0,0,0.2);">
<div class="card-body">
<div class="form-check mb-3">
<input class="form-check-input" type="checkbox" name="use_pin" id="usePin" checked>
<label class="form-check-label fw-bold" for="usePin">
<i class="bi bi-123 me-1"></i> PIN
</label>
</div>
<div id="pinOptions">
<label class="form-label">PIN length</label>
<select name="pin_length" class="form-select" id="pinSelect">
<option value="6" selected>6 digits (~20 bits)</option>
<option value="7">7 digits (~23 bits)</option>
<option value="8">8 digits (~27 bits)</option>
<option value="9">9 digits (~30 bits)</option>
</select>
<div class="form-text">Same PIN used every day</div>
<div class="form-text">Memorizable, same PIN used every day</div>
</div>
</div>
</div>
<!-- RSA Key Option -->
<div class="card mb-3" style="background: rgba(0,0,0,0.2);">
<div class="card-body">
<div class="form-check mb-3">
<input class="form-check-input" type="checkbox" name="use_rsa" id="useRsa">
<label class="form-check-label fw-bold" for="useRsa">
<i class="bi bi-file-earmark-lock me-1"></i> RSA Key
</label>
</div>
<div id="rsaOptions" class="d-none">
<label class="form-label">Key size</label>
<select name="rsa_bits" class="form-select" id="rsaSelect">
<option value="2048" selected>2048-bit (~128 bits effective)</option>
<option value="3072">3072-bit (~128 bits effective)</option>
<option value="4096">4096-bit (~128 bits effective)</option>
</select>
<div class="form-text">File-based key, both parties need the same .pem file</div>
</div>
</div>
</div>
<div class="alert alert-info mb-4">
<div class="d-flex justify-content-between align-items-center">
<span><i class="bi bi-calculator me-2"></i>Estimated phrase+PIN entropy:</span>
<span><i class="bi bi-calculator me-2"></i>Estimated entropy:</span>
<strong id="entropyDisplay">~53 bits</strong>
</div>
<div class="progress mt-2" style="height: 8px;">
@@ -59,33 +94,33 @@
</small>
</div>
<!--<div class="form-check mb-4">
<input class="form-check-input" type="checkbox" name="generate_stories" id="generateStories" checked>
<label class="form-check-label" for="generateStories">
<i class="bi bi-book me-2"></i>Generate memory aid stories
{% if has_ml %}<span class="badge bg-success ms-2">AI-powered</span>{% else %}<span class="badge bg-secondary ms-2">Template-based</span>{% endif %}
</label>
<div class="form-text">Creates memorable stories to help you remember each day's phrase</div>
</div>-->
<div class="alert alert-warning d-none" id="noFactorWarning">
<i class="bi bi-exclamation-triangle me-2"></i>
You must select at least one security factor (PIN or RSA Key)
</div>
<button type="submit" class="btn btn-primary btn-lg w-100" id="generateBtn">
<i class="bi bi-shuffle me-2"></i>Generate New Credentials
<i class="bi bi-shuffle me-2"></i>Generate Credentials
</button>
</form>
{% else %}
<div class="alert alert-info">
<i class="bi bi-exclamation-circle me-2"></i>
<strong>Credentials Generated!</strong> - Refresh to generate new credentials
<!-- Generated Results -->
<div class="alert alert-success-bright alert-dismissible fade show">
<i class="bi bi-check-circle me-2"></i>
<strong>Credentials Generated!</strong>
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
<div class="alert alert-warning">
<div class="alert alert-warning alert-dismissible fade show">
<i class="bi bi-exclamation-triangle me-2"></i>
<strong>Memorize the information then close!</strong> - Do not save/screenshot
<strong>Memorize phrases, save key securely, then close!</strong> - Do not screenshot
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
{% if pin %}
<hr class="my-4">
<div class="text-center mb-4">
<h6 class="text-muted mb-2">YOUR STATIC PIN</h6>
<div class="pin-container">
@@ -95,6 +130,55 @@
<small class="text-muted">Use this {{ pin_length }}-digit PIN every day</small>
</div>
</div>
{% endif %}
{% if rsa_key_pem %}
<hr class="my-4">
<div class="mb-4">
<h6 class="text-muted mb-3">
<i class="bi bi-file-earmark-lock me-2"></i>YOUR RSA KEY ({{ rsa_bits }}-bit)
</h6>
<div class="alert alert-danger small">
<i class="bi bi-shield-exclamation me-1"></i>
<strong>Save this key securely!</strong> Share it with your recipient through a secure channel. You cannot recover it later.
</div>
<!-- Key Display -->
<div class="mb-3">
<textarea class="form-control font-monospace" id="rsaKeyText" rows="6" readonly style="font-size: 0.75rem;">{{ rsa_key_pem }}</textarea>
</div>
<!-- Copy to Clipboard -->
<button type="button" class="btn btn-outline-light me-2" id="copyKeyBtn">
<i class="bi bi-clipboard me-1"></i> Copy to Clipboard
</button>
<!-- Download with Password -->
<button type="button" class="btn btn-outline-light" data-bs-toggle="collapse" data-bs-target="#downloadKeyForm">
<i class="bi bi-download me-1"></i> Download as .pem
</button>
<div class="collapse mt-3" id="downloadKeyForm">
<div class="card" style="background: rgba(0,0,0,0.2);">
<div class="card-body">
<form method="POST" action="{{ url_for('download_key') }}">
<input type="hidden" name="key_pem" value="{{ rsa_key_pem }}">
<div class="mb-3">
<label class="form-label">Password to protect key file</label>
<input type="password" name="key_password" class="form-control"
placeholder="Minimum 8 characters" minlength="8" required>
<div class="form-text">You'll need this password when using the key</div>
</div>
<button type="submit" class="btn btn-primary">
<i class="bi bi-file-earmark-lock me-1"></i> Download Protected Key
</button>
</form>
</div>
</div>
</div>
</div>
{% endif %}
<hr class="my-4">
@@ -126,15 +210,23 @@
<div class="alert alert-success mt-4">
<h6><i class="bi bi-shield-check me-2"></i>Security Summary</h6>
<div class="row text-center mt-3">
<div class="col-4">
<div class="col-3">
<div class="fs-4 fw-bold">{{ phrase_entropy }}</div>
<small class="text-muted">bits/phrase</small>
</div>
<div class="col-4">
{% if pin %}
<div class="col-3">
<div class="fs-4 fw-bold">{{ pin_entropy }}</div>
<small class="text-muted">bits/PIN</small>
</div>
<div class="col-4">
{% endif %}
{% if rsa_key_pem %}
<div class="col-3">
<div class="fs-4 fw-bold">{{ rsa_entropy }}</div>
<small class="text-muted">bits/RSA</small>
</div>
{% endif %}
<div class="col-3">
<div class="fs-4 fw-bold text-success">{{ total_entropy }}</div>
<small class="text-muted">bits total</small>
</div>
@@ -144,36 +236,6 @@
</small>
</div>
<div class="alert alert-info mt-4">
<h6><i class="bi bi-lightbulb me-2"></i>Memorization Tip</h6>
<p class="mb-1">
<strong>Total to memorize:</strong> {{ words_per_phrase * 7 }} words + {{ pin_length }} digits
</p>
<p class="mb-0 small">
Create a story for each day: "On Monday, the <em>[word1]</em> and <em>[word2]</em> went to see <em>[word3]</em>..."
</p>
</div>
{% if stories %}
<hr class="my-4">
<h6 class="text-muted mb-3">
<i class="bi bi-book me-2"></i>MEMORY AID STORIES
{% if has_ml %}<span class="badge bg-success ms-2">AI-generated</span>{% else %}<span class="badge bg-secondary ms-2">Template-based</span>{% endif %}
</h6>
<p class="text-muted small mb-3">
Passphrase words are shown in <span class="story-word">RED CAPS</span>.
Read each story to help memorize your phrases.
</p>
{% for day in days %}
<div class="story-card">
<div class="day-label"><i class="bi bi-calendar3 me-2"></i>{{ day }}</div>
<div>{{ stories[day].story_html|safe }}</div>
</div>
{% endfor %}
{% endif %}
<a href="/generate" class="btn btn-outline-light btn-lg w-100 mt-3">
<i class="bi bi-arrow-repeat me-2"></i>Generate New Credentials
</a>
@@ -186,47 +248,98 @@
{% endblock %}
{% block scripts %}
{% if not generated %}
<script>
{% if not generated %}
const usePinCheckbox = document.getElementById('usePin');
const useRsaCheckbox = document.getElementById('useRsa');
const pinOptions = document.getElementById('pinOptions');
const rsaOptions = document.getElementById('rsaOptions');
const noFactorWarning = document.getElementById('noFactorWarning');
const generateBtn = document.getElementById('generateBtn');
// Toggle option visibility
usePinCheckbox.addEventListener('change', function() {
pinOptions.classList.toggle('d-none', !this.checked);
validateFactors();
updateEntropy();
});
useRsaCheckbox.addEventListener('change', function() {
rsaOptions.classList.toggle('d-none', !this.checked);
validateFactors();
updateEntropy();
});
function validateFactors() {
const hasPin = usePinCheckbox.checked;
const hasRsa = useRsaCheckbox.checked;
const valid = hasPin || hasRsa;
noFactorWarning.classList.toggle('d-none', valid);
generateBtn.disabled = !valid;
}
function updateEntropy() {
const words = parseInt(document.getElementById('wordsSelect').value);
const usePin = usePinCheckbox.checked;
const useRsa = useRsaCheckbox.checked;
const pinLen = parseInt(document.getElementById('pinSelect').value);
const phraseEntropy = words * 11;
const pinEntropy = Math.floor(pinLen * 3.32);
const total = phraseEntropy + pinEntropy;
const pinEntropy = usePin ? Math.floor(pinLen * 3.32) : 0;
const rsaEntropy = useRsa ? 128 : 0;
const total = phraseEntropy + pinEntropy + rsaEntropy;
document.getElementById('entropyDisplay').textContent = '~' + total + ' bits';
// Update progress bar (scale: 50 bits = 40%, 150 bits = 100%)
const pct = Math.min(100, Math.max(10, (total - 30) * 0.7));
// Update progress bar
const pct = Math.min(100, Math.max(10, (total - 30) * 0.5));
document.getElementById('entropyBar').style.width = pct + '%';
// Update description
let desc;
if (total < 50) desc = 'Basic security';
else if (total < 70) desc = 'Good for most use cases';
else if (total < 100) desc = 'Strong security';
else if (total < 130) desc = 'Very strong security';
else desc = 'Extreme security (hard to memorize!)';
else if (total < 80) desc = 'Good for most use cases';
else if (total < 120) desc = 'Strong security';
else if (total < 180) desc = 'Very strong security';
else desc = 'Maximum security';
document.getElementById('entropyDesc').textContent = desc;
}
document.getElementById('wordsSelect').addEventListener('change', updateEntropy);
document.getElementById('pinSelect').addEventListener('change', updateEntropy);
document.getElementById('rsaSelect').addEventListener('change', updateEntropy);
// Loading state for generate button
document.querySelector('form').addEventListener('submit', function() {
const btn = document.getElementById('generateBtn');
const storiesChecked = document.getElementById('generateStories')?.checked;
btn.disabled = true;
if (storiesChecked) {
btn.innerHTML = '<span class="spinner-border spinner-border-sm me-2"></span>Generating stories...';
} else {
btn.innerHTML = '<span class="spinner-border spinner-border-sm me-2"></span>Generating...';
// Form submit
document.getElementById('generateForm').addEventListener('submit', function(e) {
if (!usePinCheckbox.checked && !useRsaCheckbox.checked) {
e.preventDefault();
noFactorWarning.classList.remove('d-none');
return;
}
generateBtn.disabled = true;
generateBtn.innerHTML = '<span class="spinner-border spinner-border-sm me-2"></span>Generating...';
});
</script>
// Initial state
validateFactors();
updateEntropy();
{% else %}
// Copy RSA key to clipboard
document.getElementById('copyKeyBtn')?.addEventListener('click', function() {
const keyText = document.getElementById('rsaKeyText');
navigator.clipboard.writeText(keyText.value).then(() => {
this.innerHTML = '<i class="bi bi-check me-1"></i> Copied!';
setTimeout(() => {
this.innerHTML = '<i class="bi bi-clipboard me-1"></i> Copy to Clipboard';
}, 2000);
});
});
{% endif %}
</script>
{% endblock %}