Q. What does Digi-Secret do?
A. Digi-Secret is an application that hides (by means of an encoding algorithm) information inside an image. The information that can be hidden can be in the form of a file, another image or simply some text. The technical name for such procedure is Steganography.
Q. How can I use Digi-Secret?
A. You may use DigiSecret in essentially two ways. Firstly, you may use it to hide confidential information inside unsuspecting images on your own computer to protect it from indiscreet eyes. Or, to stealthily share confidential information with your trusted partners by encoding confidential information inside unsuspecting images and share such images
Q. Is Digi-Secret a backup toolt?
A. Absolutely not. Digi-Secret should be used in addition to your backup tool and should NOT replace it. Digi-Secret should be used to safely store your confidential information in your computer or laptop and/or to securely transmit them by email.
Q. What image formats can I hide in another image?
A. You can use two type of image files: .JPG and .PNG. Make sure secret image size does not exceed 2 MB
Q. What file formats can I hide in another image?
A. Word, Excel, CSV, TXT, PDF, GIF, MP3, short MP4… and more. Make sure secret file size does not exceed 2 MB
Q. What is DGSphoto ?
A. This is the name displayed by Digi-Secret on your computer. The idea is to attract the least possible attention (i.e. keep a low profile). DGSphoto sounds like a generic photo viewer and does not suggest any secret application.
Q. Can I try it for free?
A. Yes. The free installer comes with a 14 day trial period (or a maximum of 42 application boot-up, whichever comes first). During this period, you may encrypt/decrypt and share with up to three persons as many secrets as you want. At the end of the trial period, you will not be able to encrypt new secrets. You will always be able to decrypt existing secrets (there is no time limit for decoding existing secrets)
Q. How much does Digi-Secret cost.
To encrypt secrets after the expiration of the trial period a license is required. Licenses have a validity of one year, the price varies depending on the number of people with whom you can share secrets. Important: you will always be able to decrypt old secrets once your license expires.
Q. How can I exchange secrets hidden in images?
A. This must be done independently and separately from Digi-Secret. Usable means include, email, USB drive, Drop Box, We Transfer … etc. etc. Important: do not compress an image containing a secret as the compression process will destroy the secret (social media apps tend to compress images, avoid sending encrypted images via social media).
Q. Once my license expires will be able to decrypt secrets?
A. Yes. You will always be able to decrypt secrets generated prior to the expiry date of you license. However, you will not be able to encrypt new secrets nor decrypt secrets generated by someone else after the expiry of your license.
Q. How difficult is it to break Digi-Secret encoding?
A. The short answer is very, very, very difficult. Taking into consideration that Digi-Secret encrypts all secrets using SHA256 algorithm, let’s elaborate this short answer according to the following two scenarios:
1) The attacker has complete access to one or more pictures containing a secret.
2) The attacker has complete access to pictures containing secrets as well to your computer, on which you run Digi-Secret.
For scenario 1) the attacker must know (or assume) that secrets are hidden inside images. A low-level attacker, most likely, would not even consider examining a picture. A sophisticated hacker on the other hand, by means of forensic analysis of the picture, will be able to guess that the image contains some extra information. However, without the decryption key it would be impossible to decrypt the secret. Your secret is very safe!
For scenario 2) a sophisticated attacker could follow two strategies: scan the computer hoping to retrieve the password that gives access to Digi-Secret application or reverse engineer (decompile) Digi-Secret application to retrieve the encryption key.
Assuming the attacker finds the password (which is stored in hashed format SHA256) the success of this first strategy very much depends on the quality of the password you have set. Silly passwords such as, for example, passwords made up of six lowercase characters can be decrypted in a fraction of a second. However, good quality passwords (series of twelve characters comprising a mix of upper and lower-case letters, numbers, special characters … etc. etc.) become almost impossible to decrypt. Here you can find some indications of how passwords safety as a function of the number of characters used
As for what concerns the second strategy, reverse engineering software is certainly doable. For this reason, the sensitive parts of Digi-Secret software (the ones handling the encoding, license and password) are written and compiled in C++. Most experts would agree that such components cannot be reverse engineered since the original source code is not contained in the executable.
Q. Any tips for enhancing security?
A. We recommend installing Digi-Secret application on a thumb drive and store encrypted images (the ones containing the secrets) on your laptop/PC or vice-versa. The idea here is to keep the images separate from Digi-Secret application.
Q. What is SHA256?
A. SHA-256 (256 bit) is part of SHA-2 set of cryptographic hash functions, designed by the U.S. National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard (FIPS). A hash function is an algorithm that transforms (hashes) an arbitrary set of data elements, such as a text file, into a single fixed length value (the hash). The computed hash value may then be used to verify the integrity of copies of the original data without providing any means to derive said original data. Irreversible hash values may be freely distributed, stored and used for comparative purposes. SHA stands for Secure Hash Algorithm.
Q. Is the e version compatible with MAC OS.
A. Not yet.
Q. Why do you need my email?
A. Two reasons only. For your own protection, we entertain requests for password reset only by email sent from an email address linked to the purchase of a license. Second, we will communicate via email if/when a software upgrade becomes available so that you may upgrade your application.
Q. Do I need to give credit cards details to download the free trial?
A. No. The installer is absolutely free. You may download it in full anonymity directly from our cloud.
Q. Do I need internet connectivity to use Digi-Secret?
A. No. The encoding and decoding process is done on your machine.
Q. Can I use Digi-Secret to exchange images or messages?
A. No. We tried our best to reduce as much as possible the “footprints” of secrets you encrypt, therefore we did not add a communication functionality to Digi-Secret. The exchange of images containing secrets must be done by other means, for example, by email.
Q. How can I share secrets with another person, for example, my friend Alice?
A. If you want Alice, to be able to decrypt your secrets encrypted using Digi-Secret, you will have to:
- Ask Alice to download Digi-Secret free installer (which comes with a 7 day free license).
- On your side, using Digi-Secret app, you will have to prepare a request for invitation package (a file with extension .DGFpak) and sent it via email to Alice.
- Using Digi-Secret app, Alice will then need to “accept” your invitation request. Once she does that, she will be able to decrypt your secrets.
Q. How can I upgrade the application?
A. When an upgraded version is released (you will be informed by email) you should download the new installer and simply repeat the installation process with the following difference.