Stealth V1.1 by Henry Hastur
----------------------------

Stealth is a simple filter for PGP which strips off all identifying header
information to leave only the encrypted data in a format suitable for
steganographic use. That is, the data can be hidden in images, audio
files, text files, CAD files, and/or any other file type that may contain
random data, then sent to another person who can retrieve the data from
the file, attach headers, and PGP decrypt it.

Stealth is not intended to replace the standardised methods of using
encryption (e.g. ASCII-armoured PGP email) ; in an ideal world we would
all be able to send openly encrypted mail or files to each other with no
fear of reprisals, however there are often cases when this is not possible,
either because the local government does not approve of encrypted
communication, or perhaps because you are working for a company that
does not allow encrypted email but doesn't care about Mandelbrot
GIFs. This is where Stealth and steganography can come into play.


Compiling
---------

Stealth has currently only been tested on BSD and SVR4 Unix (and as
such should work with most varieties of Unix), with both non-ANSI
compilers and ANSI compilers with 'minimal ANSI' flags. In order to
compile the program, you should just be able to extract the files
from the tar file provided, then type 'make'. If that fails you may
need to change the definition of CC and CFLAGS in the makefile to
get it to compile. On machines with gcc, the GNU C compiler, Stealth
can be compiled by simply changing the 'CC=cc' line in makefile to
'CC=gcc'.

Stealth can be compiled on MS-DOS using the Microsoft C compiler with
the following command line :

        cl /DDOS stealth.c

That's all there is to it - the compiler will output a STEALTH.EXE
ready for use. Other compilers should work, but you may need to change
header files and the code at the beginning of main() which sets the
mode of stdin and stdout to binary.

Usage
-----

Stealth always reads from its standard input and writes to the standard
output, though when adding headers to data the data has to be stored in a
temporary file (see Security Concerns below).

Command line arguments :

        -c      Conventional encryption used rather than public key
        -a      Add headers (defaults to strip headers)
        -v      Verbose output.

The -a argument takes a string specifying the key id to put into the
header. This can be specified either as an identifying name (e.g.
[email protected]), or as a 24-bit key id as given by the pgp -kv
command, prefixed by '0x' (See examples below). The latter has been
added for MS-DOS users who can only pass a single word to the program
for a key name.

Stealth needs to be able to find your pubring.pgp file, which it does
by first checking in the directory pointed to by $PGPPATH, then the
current directory.


Examples
--------

To encrypt a file with PGP and store it in the file pgp.stl prior to sending :

        pgp -ef < secrets.dat | stealth > pgp.stl

To encrypt a file with conventional (IDEA) encryption, and pass to a
steganography program called steg_program :

        pgp -fec < secrets.dat | stealth -c | steg_program

To take the output from a steganographic extraction tool, add headers
for key "Your Id", and decrypt :

        steg_program | stealth -a "Your Id" | pgp -f > secrets.dat

[ Note : this use of " marks will only work on Unix, not MS-DOS. If
  you have to specify a key with more than one word, you will probably
  have to specify the key id instead ]

To take the conventionally encrypted output from a steg program, attach
headers and decrypt :

        steg_program | stealth -ac | pgp -f > secrets.dat

To take the output from a steganography program, add the headers
for a key whose 24-bit id is 23ffff, and decrypt :

        steg_program | stealth -a 0x23ffff | pgp -f > secrets.dat


Limitations
-----------

Files can be signed, but can only be encrypted to one recipient - extra
RSA headers for all but the first recipient will be stripped from the
file. In addition, if you specify conventional encryption but pass an
RSA-encrypted file into the filter the RSA-block will be stripped. In
either case, stealth will print out warnings to inform you of this.

Stealth provides no support for ASCII-armoured PGP messages - it will
only work with the binary output format, and the output will have to
be converted to a useable form after processing, either with a
steganography program or a standard utility such as uuencode.

Finally, for technical reasons there are potential problems with public
keys of size (typically) 8*n + 1 or 8*n + 2 (e.g. 513 or 1026). If you
are encrypting to a key of a peculiar size, it's possible that the algorithm
used to add headers could fail, but fortunately this can be detected while
stripping the headers, and a warning will be printed. If this warning appears,
you will probably want to encrypt the data again until a suitably sized
RSA-block is created.

It is NOT necessary to remove garbage data that the steganography program
may have added to the end of the PGP-encrypted data. PGP output contains
an encrypted end-of-file mark that allows the program to decrypt correctly
and ignore any trailing garbage.


Security Concerns
-----------------

After passing through the stealth filter, the PGP-encrypted data is
essentially white noise, with no identifying marks, and whilst it may
well have enough peculiarities for an expert cryptanalyst to recognize
it as encrypted data, the probability is much less than would be the
case with a PGP header identifying the recipient attached.

One other concern is that stealth has to create a temporary file when
reading in data to attach headers, and depending on the build options
chosen the program will store it in either $PGPPATH, the current directory
or /tmp. On Unix machines, the file will be deleted as soon as it is opened,
making it difficult to capture, but on other operating systems the file
will only be deleted when it has been used. (In either case the file will
be zeroed before being closed).

In addition, some operating systems will use temporary files on your disk
to emulate unix pipes (e.g. MS-DOS) - these files will not be zeroed when
finished with !


Export Restrictions
-------------------

Stealth is probably not covered by current export restrictions under the
US ITAR regs, but I'm not a lawyer, so if in doubt check it out yourself.
It was written outside the US and imported, so should soon be available
on some European ftp sites as well as US sites.


                                                Henry Hastur
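
Added example (not part of the original README and not Stealth's own code):
a minimal C parser for the clear-text fields at the front of an old-format
PGP 2.x packet, the kind of identifying header the filter described above
removes. The packet layout follows RFC 1991; the sample bytes are constructed,
and treating the README's 24-bit id as the low 24 bits of the 8-byte key ID
field is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Identifying fields at the front of an old-format (PGP 2.x) packet. */
struct pgp_hdr {
    int      tag;       /* packet type; 1 = public-key encrypted session key */
    size_t   hdr_len;   /* CTB byte plus length bytes */
    uint32_t body_len;  /* length of the packet body */
    uint32_t key_id24;  /* low 24 bits of the recipient key ID (tag 1 only) */
};

/* Constructed sample, not real PGP output: CTB 0x84, length 76, version 2,
   8-byte key ID ending 23 ff ff, algorithm 1 (RSA); the MPI is omitted. */
static const uint8_t SAMPLE[] = { 0x84, 0x4C, 0x02, 0x11, 0x22, 0x33, 0x44,
                                  0x55, 0x23, 0xFF, 0xFF, 0x01 };

/* Returns 0 and fills *h, or -1 if buf has no usable old-format header. */
int pgp_parse_hdr(const uint8_t *buf, size_t n, struct pgp_hdr *h)
{
    if (n < 2 || (buf[0] & 0xC0) != 0x80)   /* need bit 7 set, bit 6 clear */
        return -1;
    int ltype = buf[0] & 0x03;               /* length-of-length selector */
    if (ltype == 3)                          /* indeterminate length: skip */
        return -1;
    size_t llen = (size_t)1 << ltype;        /* 1, 2 or 4 length bytes */
    if (n < 1 + llen)
        return -1;
    h->tag = (buf[0] >> 2) & 0x0F;
    h->hdr_len = 1 + llen;
    h->body_len = h->key_id24 = 0;
    for (size_t i = 0; i < llen; i++)        /* big-endian body length */
        h->body_len = (h->body_len << 8) | buf[1 + i];
    if (h->tag == 1) {                       /* body: version, key ID[8], ... */
        if (h->body_len < 9 || n < h->hdr_len + 9)
            return -1;
        const uint8_t *id = buf + h->hdr_len + 1;   /* skip version byte */
        h->key_id24 = ((uint32_t)id[5] << 16) | ((uint32_t)id[6] << 8) | id[7];
    }
    return 0;
}

int main(void)
{
    struct pgp_hdr h;
    if (pgp_parse_hdr(SAMPLE, sizeof SAMPLE, &h) == 0)
        printf("tag=%d body=%u key=0x%06x\n", h.tag, (unsigned)h.body_len,
               (unsigned)h.key_id24);
    return 0;
}
```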