stegasoo/RELEASE_NOTES.md

Stegasoo v4.2.1

API Security

API Key Authentication

• All protected endpoints require X-API-Key header
• Keys stored hashed (SHA-256) in ~/.stegasoo/api_keys.json
• Auth disabled when no keys configured (easy onboarding)

TLS Support

• Self-signed certificates auto-generated on first run
• Certs valid for localhost, all local IPs, hostname.local
• CLI: stegasoo api tls generate to pre-generate

CLI Improvements

New API Management Commands

stegasoo api keys create NAME    # Create new key
stegasoo api keys list           # List API keys
stegasoo api tls generate        # Generate TLS cert
stegasoo api serve               # Start server with TLS

New Image Tools

stegasoo tools compress IMG -q 75   # JPEG compression
stegasoo tools rotate IMG -r 90     # Lossless rotation
stegasoo tools convert IMG -f png   # Format conversion

Bug Fixes

• DCT rotation: Portrait photos no longer export rotated 90°
• jpegtran: Removed -trim flag that destroyed DCT stego data
• CLI encode: Now outputs JPEG when carrier is JPEG (was always PNG)
• Import paths: Fixed for installed packages (AUR/pip)

Installation

AUR (Arch Linux)

yay -S stegasoo-git       # Full (Web + API + CLI)
yay -S stegasoo-cli-git   # CLI only

Docker

docker-compose -f docker/docker-compose.yml up -d

Raspberry Pi Flash stegasoo-rpi-4.2.1.img.zst.zip to SD card. Default login: admin / stegasoo

Requirements

• Python 3.11 - 3.14 (dropped 3.10 support)

Release Assets

File	Description
stegasoo-rpi-4.2.1.img.zst.zip	Raspberry Pi SD card image
stegasoo-docker-base-4.2.1.tar.zst	Docker base image
Source code (zip/tar.gz)	Auto-generated

---

Stegasoo v4.2.0

Performance Optimizations

Major performance improvements for Raspberry Pi and resource-constrained deployments.

DCT Vectorization (~14x faster)

• Batch DCT processing using scipy.fft.dctn with axes=(1,2)
• Processes 500 blocks at once instead of one-by-one
• Decode time reduced from ~2.6s to ~0.8s on 1MB images

Memory Optimization (50% reduction)

• Switched from float64 to float32 for all DCT operations
• Peak RAM: 211 MB → 107 MB for encode, 104 MB → 52 MB for decode
• Critical for Pi 3/4 avoiding swap thrashing

Progress Callbacks for Decode

• progress_file parameter added to decode() and extraction functions
• UI can now show decode progress (phases: loading, extracting, decoding, complete)
• JSON format: {"current": 80, "total": 100, "percent": 80.0, "phase": "decoding"}

Async API Endpoints

• Encode/decode operations now run in thread pool via asyncio.to_thread()
• API server can handle concurrent requests without blocking
• Essential for multi-user Pi deployments

Compression

Zstd Default Compression

• zstandard is now a core dependency (always installed)
• Better compression ratio than zlib for QR code RSA keys
• New STEGASOO-ZS: prefix for zstd, backward compatible with STEGASOO-Z: (zlib)

QR Code Generation

CLI Support

• stegasoo generate --rsa --qr key.png - save RSA key as QR image (PNG/JPG)
• stegasoo generate --rsa --qr-ascii - print ASCII QR to terminal

API Support

• POST /generate-key-qr - generate QR from RSA key
• Supports png, jpg, and ascii output formats
• Uses zstd compression by default

Other Changes

• RSA key size capped at 3072 bits (4096 too large for QR codes)
• File auto-expire increased to 10 minutes
• Progress bar "candy cane" animation during Argon2 key derivation
• Optional API service in Pi setup (with security warning)

Summary

Metric	v4.1.7	v4.2.0	Improvement
Decode (1MB)	~2.6s	~0.8s	70% faster
Peak RAM	211 MB	107 MB	50% less
Concurrent API	No	Yes	check
QR Compression	zlib	zstd	~15% smaller

Full Changelog

See CHANGELOG.md for complete version history.