[author here] Indeed it may be so by looking outside as a black box.
But, let me emphasize that there is no data stored in the backend database. Just user credentials and steganogprahy key. This key is crucial to extract data.
Hidden data is stored only in the image. Without access to it, server cannot extract the hidden data.
[author here] Visualenv is a use case of a backend steganograpy engine. The main job is done in the backend.
A: The usage may not be clear from the samples. Let me explain step-wise:
1. Client sends text data to the backend to hide it in an image
2. Server;
2.1 Randomly creates a host image
2.2 Hides data in the image making use of the client's steganogprahy key in that is available in its database
2.3 Returns the stego image filename to the user (a unique name)
3. Client downloads stego image to its local.
4. Client extracts hidden data in an image by either:
4.1. Uploading image
4.2. Sending filename (assuming user let it be saved in the server)
P.S. Another user in the server cannot extract the hidden data since he cant access owner's stego key.
B: Steganographic operations are performed in the backend. Client host just waits for the result.
[author here] The lack of explanation naturally causes some misunderstanding, sorry for that.
Let me clarify the main points:
1. Data is stored in only the image, not backend server. Octomim is a proprietary solution that provides a REST API. One can use standalone applications like steghide, etc.
2. Using a backend server like Octomim is useful since it provides key management. The key used for steganography stored securely in the server and is not propagated to any where. Key of the steganography algorithm is crucial to prevent extraction without knowledge of it. This enables the user to extract hidden data from anywhere with the image and his authentication information only.
3. Storing env variables in an image can be considered as a complementary security measure for securely storing them. You can transfer them anywhere (store in github, etc.) but without access to backend server no one can read the hidden data. As a matter of fact, attackers even won't be aware of the existence of hidden data.
4. 'Visualenv' is just an application scenario of this scheme. It can be considered as a hacker tool or if you are willing to build a secure variable distribution system it can provide additional level of security by obscurity.
But, let me emphasize that there is no data stored in the backend database. Just user credentials and steganogprahy key. This key is crucial to extract data.
Hidden data is stored only in the image. Without access to it, server cannot extract the hidden data.