Image-based encryption made simple.
StegaX is a Flutter application that hides encrypted messages inside images using modern cryptography and steganography - entirely on-device, with no network dependency.
This project focuses on correctness, transparency, and engineering discipline, not gimmicks.
Most “secure messaging” tools rely on:
- Servers
- Accounts
- Network trust
- Black-box implementations
StegaX takes a different approach:
- No servers
- No accounts
- No tracking
- No network calls
- No hidden logic
All encryption and embedding happen locally on the device.
If the app is closed, nothing leaves the phone.
StegaX allows a user to:
- Select an image
- Enter a secret message
- Choose an encryption mode
- Embed the encrypted data into the image
- Save the resulting image to the device
- Reveal hidden messages from compatible images
- Automatically generates a secure random AES-256 key
- No password required
- Fast and simple
- Key is embedded securely in the payload
- User-provided password
- AES-256-GCM with key derivation (salted)
- Password is never stored
- Stronger protection against unauthorized extraction
Both modes use authenticated encryption to prevent tampering.
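What the password mode described above can look like in Dart, as an added example that is not StegaX's own code. It assumes the third-party cryptography package, PBKDF2-HMAC-SHA256 as the key derivation function, and a hypothetical salt || nonce || ciphertext || tag packet layout, none of which the page specifies.

```dart
// Added example; package:cryptography, the KDF and the layout are assumptions.
import 'dart:convert';
import 'dart:math';
import 'dart:typed_data';
import 'package:cryptography/cryptography.dart';

const saltLen = 16, nonceLen = 12, macLen = 16; // hypothetical packet layout
final gcm = AesGcm.with256bits();

// Assumed KDF: PBKDF2-HMAC-SHA256. The iteration count is illustrative only.
Future<SecretKey> deriveKey(String password, List<int> salt) =>
    Pbkdf2(macAlgorithm: Hmac.sha256(), iterations: 100000, bits: 256)
        .deriveKey(secretKey: SecretKey(utf8.encode(password)), nonce: salt);

/// Returns salt || nonce || ciphertext || tag. The password is never written.
Future<Uint8List> seal(String password, String message) async {
  final rng = Random.secure();
  final salt = List<int>.generate(saltLen, (_) => rng.nextInt(256));
  // encrypt() draws a fresh random 12-byte nonce when none is passed.
  final box = await gcm.encrypt(utf8.encode(message),
      secretKey: await deriveKey(password, salt));
  return Uint8List.fromList([...salt, ...box.concatenation()]);
}

/// Throws SecretBoxAuthenticationError on a wrong password or modified bytes.
Future<String> open(String password, Uint8List packet) async {
  if (packet.length < saltLen + nonceLen + macLen) {
    throw const FormatException('packet too short');
  }
  final box = SecretBox.fromConcatenation(packet.sublist(saltLen),
      nonceLength: nonceLen, macLength: macLen);
  final clear = await gcm.decrypt(box,
      secretKey: await deriveKey(password, packet.sublist(0, saltLen)));
  return utf8.decode(clear);
}

Future<void> main() async {
  final packet = await seal('correct horse', 'meet at noon'); // constructed
  print(await open('correct horse', packet));
  // One ciphertext bit changed, as re-encoding the carrier image could do.
  final flipped = Uint8List.fromList(packet)..[saltLen + nonceLen] ^= 0x01;
  for (final attempt in [
    () => open('wrong password', packet),
    () => open('correct horse', flipped),
  ]) {
    try {
      print('accepted (unexpected): ${await attempt()}');
    } on SecretBoxAuthenticationError {
      print('rejected: authentication failed');
    }
  }
}
```

Both failure cases surface as the same authentication error, so an extractor built this way cannot tell a wrong password from a damaged image without additional diagnostics.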
- Flutter (Dart)
- AES-256-GCM
- Secure random key generation
- Password-based key derivation
- Image steganography
- Strict null-safety & analysis
- UI layer separated from cryptographic logic
- Core steganography and crypto modules
- No business logic hidden in widgets
- Defensive checks at service boundaries
- Explicit mode handling
- No silent failures
- No nullable crypto assumptions
- Strict linting enabled
- Async-safe UI practices
Status: 🟡 Active Development (Early Stable)
- Core features implemented
- APIs may evolve
- UI/UX improvements ongoing
- Not yet security-audited
- Image selection and preview
- Message embedding with encryption
- Message extraction and verification
- AES-256-GCM encryption
- Password-based key derivation
- Random key generation
- Strict error handling
- Real-time theme switching
- Local-only processing
- No forward secrecy
- No key rotation
- No compression
- Capacity depends on image size
- Not audited by third-party security experts
StegaX is not a replacement for enterprise-grade secure messaging systems.
- Unit and integration tests
- Packet format versioning
- Capacity estimation
- Better extraction diagnostics
- Optional compression
- Performance profiling
- Documentation improvements
- CI with flutter analyze
StegaX is open source to:
- Enable auditability
- Encourage learning
- Demonstrate clean engineering practices
Security-through-obscurity is intentionally avoided.
MIT License
Provided as-is, without warranty.
Use responsibly.
Karthik Shetty