AuthorTopic: How to do End-to-End Encryption using GPG4USB (Part 3)  (Read 1150 times)

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3751
    • View Profile
How to do End-to-End Encryption using GPG4USB (Part 3)
« on: November 22, 2015, 05:51:36 PM »
How to do End-to-End Encryption using GPG4USB (Part 3)

by Palloy

Part 1 described how to use the basic functions of GPG4USB, and Part 2 covered some extra features, including Steganography, which in GPG4USB is simply removing the unnecessary headers (unnecessary if the recipient knows it is a PGP message).

More on steganography

    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v1

    -----END PGP MESSAGE-----

Now if you look at a PGP message, you will notice that after the headers have been removed, the last line always starts with "=" followed by 4 characters. This is a checksum and is vital to detect damaged messages. Apart from that character, all the other characters come from the set {A-Z, a-z, 0-9, /, +}, 64 in all. This is called the base64 set, and any chunk of data can be converted into base64 by bit manipulation.

From this, you could guess (and you would be right) that the result of PGP encryption is actually a string of bytes (base256 or ASCII), that are then converted to base64 to ensure they are readable, printable and copy-pasteable by all computers. This is called ASCII-armouring.

You can also prove to yourself by experiment that the line breaks don't matter, and are only there to make things look more friendly.

I won't show you the base256 data for the above string, because it won't print nicely, but it is "real" all the same. It is that base256 string that we really want to be working with.

Remember that the whole point of steganography is to disguise the fact that you are sending encryption messages. So we want to look like we are sending something innocent, like the picture of a cat, or an MP3 audio file of the family singing "Happy Birthday, dear Johnnie", so the file has to contain a genuine image or audio, but contained within in is the PGP message.

So without further ado, here is the photo of my cat, Petal, first the original, and second the altered one containing the PGP message above.

I'm sure you will agree that the image hasn't been degraded because of the alterations. It has in fact got about 1.5% bigger in file size, but you would never know it if you didn't have the original.

You see there is so much detail in a computer image, that there is more than the human eye can detect. That redundancy of information is used to embed the message into the file, without you being able to see it.

OK, that embedding process was done using an app called steg (runs on Windows, Mac and Linux).
Download from, virus check it, and install it.

What we want is for GPG4USB to do it for us automatically, but there I'm afraid we will have to wait for a new improved version to come along.

In the meantime, the sending process now becomes:
1. type your plain text into GPG4USB
2. check the recipients's Public Key checkboxes
3. Encrypt
4. Save the ecrypted message as a file, say "gpg.txt"
5. Run steg
6. File > Open > choose your image file
7. Click on Hide data button and select "gpg.txt"
8. Click on Save button and choose a name for your output file
9. Delete the file "gpg.txt"
10. Send your new image as an email attachment, or whatever

The receiving process is (and you can try this on the second cat image):
1. Save the image from your email attachment (or from this web page) to somewhere handy
2. Run steg
3. File > Open > choose the image file
4. Click the Extract button, choose a folder to receive the output
5. In GPG4USB, open the file "gpg.txt"
6. Decrypt (this will fail for you because the PGP message was only encrypted for me)

Yes, it's a bit long-winded, but just think of the security!

« Last Edit: November 22, 2015, 06:15:20 PM by Palloy »
The State is a body of armed men

Offline RE

  • Administrator
  • Chief Cook & Bottlewasher
  • *****
  • Posts: 42050
    • View Profile
Re: How to do End-to-End Encryption using GPG4USB (Part 3)
« Reply #1 on: November 22, 2015, 06:00:22 PM »
This enables us to embed an encrypted text message beneath a picture, but can we use GPG4USB to encrypt the picture itself?  If so how and what is the proceedure?

Save As Many As You Can

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3751
    • View Profile
Re: How to do End-to-End Encryption using GPG4USB (Part 3)
« Reply #2 on: November 22, 2015, 06:19:59 PM »
In GPG4USB click on the File button, and Encrypt File.  This opens a window where you can select the input file (ANY file), and the output file, and the Recipients.
The State is a body of armed men


Related Topics

  Subject / Started by Replies Last post
10 Replies
Last post June 06, 2017, 01:54:29 AM
by Palloy
7 Replies
Last post November 22, 2015, 06:12:37 PM
by Palloy
0 Replies
Last post October 03, 2019, 02:10:38 PM
by RE