Solving problems – encrypting a message
For proper encryption, the PyCrypto package can be used, which can be downloaded from https://www.dlitz.net/software/pycrypto/. As with Pillow, this is a hefty download.
As we saw in Chapter 1, Our Espionage Toolkit, a poor choice of key will render any encryption scheme essentially worthless. If we encrypt a file using a single-word key that's available in a readily available corpus of words, we haven't really made our data very secure at all. A brute-force attack will break the encryption.
We can combine steganography with the creation of a ZipFile
archive to embed a message in an image in a ZIP file. As a ZIP file can have a comment string, we can include an HMAC signature as the comment for the ZIP archive.
Ideally, we'd use the ZIP encryption. However, the Python ZipFile
library doesn't create encrypted ZIP files. It only reads encrypted files.
We're going to define a function that looks like this:
def package( text, image_source, key_hmac, filename...