Cryptpng

A way to store encrypted data inside a png without altering the image itself.

Usage

# encrypt
cryptpng encrypt --image <name of the image> --in <input file> --out <output file>

# decrypt
cryptpng decrypt --image <crypt image> --out <decrypted output file>

Technical Information

It should be possible to store data with a size up to ~ 4GB, but in reality most image viewers have problems with chunks that are bigger than several Megabytes. The data itself is stored in a png chunk and encrypted via aes. The encryption chunk is stored right before the IDAT chunk that contains the image data. The steps for encrypting are:

Encrypt

1. Parse the png file and split it into chunks.
2. Prompt for a password and use the scrypt 32byte value with a generated salt.
3. Store the salt in the saLt chunk.
4. Encrypt the data using aes and the provided hashed key.
5. Split the data into parts of 1 MiB of size.
6. Store every data part into a separate crPt chunk.
7. Write the png header and chunks to the output file.

Decrypt

1. Parse the png file and split it into chunks.
2. Get the saLt chunk.
3. Get the crPt chunks and and concat the data.
4. Prompt for the password and create the scrypt 32byte hash with the salt.
5. Decrypt the data using aes and the provided hash key.
6. Write the data to the specified output file.