@sidx1/ciavault
v1.0.0
Published
π Hide any file inside an image or any other file using steganography + AES-256 encryption
Maintainers
Readme
π ciavault
Hide any file inside an image or any other file using steganography + AES-256 encryption.
ciavault lets you conceal a secret file inside a carrier file (a PNG image, a PDF, a zip, a video β anything). The carrier looks and works completely normally. Only someone who knows a secret was hidden can extract it.
Features
- Two hiding methods
lsbβ Least Significant Bit pixel steganography (PNG only, visually undetectable)eofβ End-of-File injection (works with any file type)
- AES-256-GCM encryption β optionally encrypt the payload before hiding it
- Key derivation via
scryptβ brute-force resistant - CLI + programmatic API
- Zero native dependencies
Installation
npm install -g ciavaultOr locally in your project:
npm install ciavaultCLI Usage
Hide a file
# Auto-detect method (lsb for .png, eof for everything else)
ciavault hide -c photo.png -s secret.pdf -o output.png
# Force EOF method (works with any carrier)
ciavault hide -c video.mp4 -s secret.txt -o output.mp4 --method eof
# Hide and encrypt
ciavault hide -c photo.png -s secret.txt -o output.png --passphrase "correct horse battery staple"Reveal a hidden file
# Auto-detect method, save to current directory
ciavault reveal -c output.png
# Decrypt and reveal
ciavault reveal -c output.png --passphrase "correct horse battery staple"
# Save to a specific directory
ciavault reveal -c output.png -o ./recovered/Check if a file has a hidden payload
ciavault info -c output.pngRemove a hidden EOF payload (restore original)
ciavault strip -c output.mp4 -o restored.mp4Programmatic API
const ciavault = require('ciavault');
// ββ Hide ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
const outputBuf = await ciavault.hide({
carrier: 'photo.png', // path or Buffer
secret: 'secret.txt', // path or Buffer
method: 'auto', // 'lsb' | 'eof' | 'auto'
passphrase: 'my secret passphrase' // optional
});
fs.writeFileSync('output.png', outputBuf);
// ββ Reveal βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
const { filename, data } = await ciavault.reveal({
carrier: 'output.png',
passphrase: 'my secret passphrase' // required if encrypted
});
fs.writeFileSync(filename, data);
// ββ Info βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
const result = await ciavault.info({ carrier: 'output.png' });
// β { hasPayload: true, encrypted: false, filename: 'secret.txt', size: 1234 }Using Buffers directly
const carrier = fs.readFileSync('photo.png');
const secret = fs.readFileSync('document.pdf');
const output = await ciavault.hide({
carrier,
secret,
secretName: 'document.pdf', // required when passing Buffers
method: 'lsb',
});How It Works
LSB (Least Significant Bit)
Each pixel in a PNG image is stored as RGBA values (0β255 per channel). ciavault modifies only the least significant bit of the R, G, and B channels of each pixel to encode the payload. A change of Β±1 in a colour value is completely invisible to the human eye and undetectable by casual inspection.
Capacity: floor(width Γ height Γ 3 / 8) - 4 bytes
Example: a 1920Γ1080 PNG can hold up to ~777 KB of hidden data.
EOF Injection
The payload is appended to the end of the carrier file, sandwiched between two unique sentinel markers (magic bytes + a random nonce). Most applications ignore trailing data after their format's end-of-file marker, so the carrier continues to open and work normally.
Capacity: unlimited (only disk space).
Security Notes
- LSB steganography is not cryptographically secure by itself. Anyone who knows to look can run statistical analysis. Always use
--passphrasefor sensitive data. - EOF injection can be detected by checking if a file has trailing data after its normal EOF marker. Use encryption to make the payload opaque.
- The passphrase is processed through
scrypt(N=16384, r=8, p=1) before use, which is deliberately slow to resist brute-force attacks. - Authentication is provided by AES-256-GCM's built-in auth tag β tampering with the ciphertext is detected.
License
MIT
