CipherCanvas is a browser-based crypto + stego lab that can encrypt, decrypt, hide text in images, and hide full image files in other images.
- AES-GCM with PBKDF2-SHA256 for passphrase encryption.
- RSA-OAEP + AES hybrid encryption.
- ECDH-P256 + AES hybrid encryption.
- Caesar and Vigenere (educational ciphers).
- Text-in-image steganography and extraction.
- Image-in-image steganography and extraction.
- Optional AES protection for hidden payloads.
- Versioned stego container format (
STG2) with payload checksum (CRC32). - Stricter payload validation for malformed ciphertext and metadata.
- Capacity meter for carrier images.
- Copy and download actions for crypto output.
- Guided workflow buttons:
- Encrypt -> Fill Secret Text
- Extract -> Load Crypto Input
- RSA key helpers:
- Generate, save, load
- Public key fingerprint display
- ECDH key helpers:
- Generate, save, load
- Drag-and-drop support for image inputs.
- Preview cards for selected files.
- Operation progress bars for hide/extract tasks.
Option 1 (direct):
- Open index.html in a modern browser.
Option 2 (local server):
- Run
python3 run.py - Open
http://127.0.0.1:8000
- Use PNG carriers for best reliability.
- JPEG can corrupt hidden bits due to lossy compression.
- Encoded output is always generated as PNG.
- Capacity depends on carrier resolution.
- RSA and ECDH keys are stored in browser local storage only when you press Save.
- Classical ciphers (Caesar, Vigenere) are for learning only.
- Local storage key saving is convenient but less secure than dedicated key vaults.
- For high-assurance production systems, use audited cryptographic tooling, secure key management, and independent security review.