Rust Steganography

A Rust CLI tool for hiding and extracting encrypted messages inside PNG images using LSB (Least Significant Bit) steganography.

The embedding process works at the pixel level: each RGB channel’s least significant bit is overwritten with one bit of the message, giving 3 bits of storage per pixel. A 4-byte little-endian length header is prepended to the payload so the extractor knows exactly how many bytes to read back; the rest of the image’s capacity is untouched and visually identical to the original.

Before embedding, the message is encrypted with AES-256-GCM-SIV. The key is derived from a user-supplied password via SHA-256, and a randomly generated 12-byte nonce is prepended to the ciphertext. This means two embeds of the same message with the same key produce different ciphertexts, and extraction without the correct key returns nothing meaningful. The same binary handles both directions: embed when --message is supplied, extract otherwise.

Highlights

• Implemented RGB LSB steganography from scratch in Rust; each pixel stores 3 bits across R, G, B channels with a length-prefixed payload for clean extraction.
• Layered AES-256-GCM-SIV authenticated encryption on top of the steganographic layer, making the embedded data both hidden and tamper-evident.
• Used SHA-256 to derive a fixed-length key from an arbitrary password string, with a random nonce per encryption to prevent ciphertext reuse.
• Designed the CLI with a single entry point for both embed and extract modes, with capacity reporting so the user knows how much of the image’s steganographic space the message consumes.