Hide a Secret Message in an Image - Steganography | Vajba
Drop an image here
or tap to browse your files
JPG, PNG, WebP, HEIC - export is always PNG
Choose image
×
Secret message
Password optional
With a password the message is encrypted with AES-256. Without one it is only hidden, so anyone with this tool could read it.
Short passwords are easier to guess. A longer one protects the message better.
Hide message & download PNG
Message hidden and PNG saved. To keep it intact, send the image as a file or document. Sending it as a photo in chat apps recompresses it and destroys the message.
This image has a hidden message.
Hidden message
Copy
Hide a new message in this image instead
This message is password-protected.
Password
Reveal message
Hidden message
Copy
Hide a new message in this image instead
How does this work?
The short version
This tool hides your message inside the picture itself. The image looks exactly the same as before, but your words are tucked invisibly into it. Whoever you send it to simply drops the image on this page to read them.
Add a password and the message is also locked, so only someone who knows the password can open it. Nothing is uploaded anywhere. The picture and the message stay on your own device the whole time.
One thing to remember: send the downloaded image as a file or document. Sending it as a regular photo in a chat app usually squeezes the image, and that wipes the message out.
For the nerds
Your text is written into the least significant bit of the red, green, and blue values of the image's opaque pixels (LSB steganography), so no color channel shifts by more than 1 out of 255. With a password, the message is first encrypted with AES-256-GCM, using a key stretched from your password with 600,000 rounds of PBKDF2, and the header is authenticated along with the ciphertext. A wrong password or a tampered file fails cleanly instead of producing plausible nonsense.
Every export is decoded again and compared byte for byte before the download starts, so a browser that alters pixels while saving can never hand you a broken image. Exporting also strips the original photo's camera and location (EXIF) data, and everything runs in your browser: no uploads, no storage, no accounts.
The export is always PNG on purpose. PNG is lossless, so the hidden bits survive, while JPEG re-compression or a screenshot destroys them. And to be honest: a password protects what the message says, but steganalysis tools can still tell that an image was modified. This is built for playful, private secrets between friends, not for hiding things from forensic analysis.
Say hi at [click to reveal email]