Steganography & Encryption
Hidden in Plain Sight
Encrypt files and conceal them inside ordinary images, audio, and documents. The carrier still opens normally. The payload stays sealed.
Supported Carriers
- PNG: RGB LSB embedding
- JPEG: APP15 metadata
- GIF: Comment extension
- WAV: PCM LSB embedding
- MP3: ID3v2 PRIV frame
Incremental stream
Plus ZIP, DOCX, XLSX, and PPTX via ZIP-family handling
Methodology
Two workflows, one library
Lock / Unlock
Seal any file into a versioned, encrypted envelope. No carrier needed. Use this for encrypted storage or transfer when format-preserving concealment isn't required.
$ plainsight lock secret.txt --passphrase "orchid"
$ plainsight unlock secret.txt.plainsight --passphrase "orchid"
Hide / Reveal
Encrypt a payload, then conceal it inside a carrier file that still opens normally. The image looks like an image. The audio plays like audio. The secret stays sealed.
$ plainsight hide note.txt --carrier cover.png
$ plainsight reveal cover.plainsight.png
Architecture
Built on established primitives
AES-256-GCM
Authenticated encryption with Argon2id key derivation. Every envelope is passphrase-sealed and tamper-evident.
Human-inspection-first
Carriers remain valid, openable files. A hidden PNG still looks like a photograph. A hidden WAV still plays as audio.
Block-level redundancy
Parity and checksums enable limited self-repair of carrier corruption during reveal, without external tooling.
Content-aware placement
PNG and WAV payloads concentrate in high-complexity or high-amplitude regions to minimize perceptual impact.
Versioned envelopes
Every payload is wrapped in a versioned, structured envelope with embedded metadata and sanitized filenames.
Conservative budgeting
Carrier inspection provides honest, conservative capacity estimates — not raw format maximums.
Security Model
Honest about its limits
Plainsight is built to make hidden files look ordinary to people — not to defeat forensic analysis. Outputs remain valid carrier files with passphrase-based authenticated encryption, but they are not designed to resist steganalysis tooling or format-aware machine inspection.
Promises
- Authenticated encryption
- Valid, openable carriers
- Conservative placement
- Passphrase-sealed envelopes
Does not promise
- Forensic resistance
- Machine-inspection invisibility
- Equal strength across formats
- Steganalysis-proof output
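The JPEG carrier listed above uses APP15 metadata, which is the kind of placement that the format-aware machine inspection named in the Security Model finds by walking segment headers. The following is an added example, not Plainsight code: a Python check that lists APP15 segments in a JPEG, run on constructed sample bytes. The names `jpeg_segments` and `app15_report` and the sample data are assumptions, and because the page does not document the payload layout, the check reports only presence and size.

```python
import struct

SOI, EOI, SOS, APP15 = 0xD8, 0xD9, 0xDA, 0xEF
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))  # TEM, RST0-7: no length

def jpeg_segments(data: bytes):
    """Yield (marker, offset, payload) for each header segment through SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data):
        start = pos
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker prefix at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated marker")
        marker, pos = data[pos], pos + 1
        if marker == EOI:
            return
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated length field")
        (length,) = struct.unpack_from(">H", data, pos)
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad segment length at offset {start}")
        yield marker, start, data[pos + 2:pos + length]
        if marker == SOS:  # entropy-coded scan data follows; stop here
            return
        pos += length

def app15_report(data: bytes) -> dict:
    """Summarise APP15 segments: how many, total payload bytes, offsets."""
    hits = [(off, len(p)) for m, off, p in jpeg_segments(data) if m == APP15]
    return {"count": len(hits), "bytes": sum(n for _, n in hits),
            "offsets": [off for off, _ in hits]}

def _seg(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample inputs (not real images): JFIF header, optional APP15, SOS.
_JFIF = _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
_SCAN = _seg(SOS, b"\x00" * 10) + b"\x00\xff\xd9"
SAMPLE = b"\xff\xd8" + _JFIF + _seg(APP15, b"A" * 40) + _seg(APP15, b"B" * 24) + _SCAN
CLEAN = b"\xff\xd8" + _JFIF + _SCAN

if __name__ == "__main__":
    print(app15_report(SAMPLE))
```

A single JPEG segment holds at most 65,533 payload bytes, so larger embedded data has to span several segments; the report sums across all of them.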
Ready to conceal?
Sign in to queue secure steganography jobs, monitor them live, and download the finished output from your workbench.