Vector Vault

Transform any file into encrypted, undetectable SVG images with military-grade security

Comment

Vector Vault

Hiding Data in Plain Sight

Inspiration

"Can we hide data in plain sight, inside a lossless format, where it's obvious that data is hidden but impossible to decrypt without the password or key?"

That single question sparked Vector Vault.

Traditional encryption screams "I'M HIDING SOMETHING" with scrambled gibberish files. Even worse, in many jurisdictions, you can be compelled to decrypt because authorities know encrypted data exists. I wanted something different: full transparency about hidden data, but absolute security.

SVG became the perfect canvas. It's lossless, ubiquitous, XML-valid, and can store data in pixels without breaking compatibility. The result? Files that openly contain encrypted data but are mathematically impossible to crack without the right key.

What it does

Vector Vault transforms any file (PDFs, photos, executables, databases) into encrypted, undetectable SVG images.

The Lock Process:

  1. Select any file and choose a password OR keyfile (any file becomes your encryption key)
  2. Vector Vault encrypts it with AES-256 (100,000 PBKDF2 iterations)
  3. Compresses it (LZMA/Zlib options)
  4. Maps the binary data directly into RGB pixel channels
  5. Embeds it inside valid SVG files with a self-healing "DNA" metadata tag

The Result:

Ordinary-looking SVG images that pass XML validation, open in any image viewer, but contain your encrypted data hidden in pixel channels.

The Unlock Process:

Point to any folder of SVGs - Vector Vault reads the DNA metadata, automatically sorts segments (even if renamed), validates integrity, and perfectly reconstructs your original file.

How we built it

Core Technologies:

  • Python - Cross-platform compatibility
  • Cryptography library (Fernet) - AES-256 encryption
  • PBKDF2HMAC - 100,000 iterations for key derivation
  • Pillow - Pixel-level image manipulation
  • Tkinter - Clean, responsive GUI
  • LZMA/Zlib - Lossless compression options

The Architecture:

  • Multithreaded design - UI stays responsive during large file processing
  • DNA metadata system - Base64-encoded JSON in SVG <desc> tags
  • Binary-to-RGB mapping - Stores 3 bytes per pixel (R, G, B channels)
  • Salt per session - Ensures unique encryption even with same password
# Example of DNA metadata in SVG
<desc id="VAULT_DNA">
eyJ0IjogInBob3RvLmpwZyIsICJpZCI6IDAsICJtIjogInBhc3N3b3JkIiwgInMiOiA...
</desc>

## Challenges we ran into

### 🧩 The Pixel Mapping Puzzle
Early versions broke SVG validity. Solved by meticulously mapping bytes to RGB channels while maintaining XML structure.

### 🧬 The Metadata Dilemma
How to reconstruct files when users rename everything? The **DNA system** evolved through **5 iterations** - now reconstruction works even with randomized filenames.

### ⚖️ Performance vs. Size
LZMA was slow but compact; Zlib was faster but larger. Added **both with user choice**.

| Compression | Speed | Size | Use Case |
|-------------|-------|------|----------|
| LZMA | Slow | Small | Archiving |
| Zlib | Fast | Larger | Quick transfers |

### 🔑 Keyfile Implementation
Making _any_ file (from 1KB text to 4GB video) work as an encryption key was technically complex. The math works because:

$$Key = PBKDF2(FileBinary, Salt, 100000)$$

### ⏱️ The 100,000 Iterations Problem
PBKDF2 is secure but slow. Added progress indicators so users understand the wait.

---

## Accomplishments that we're proud of

✅ **The DNA System** - Most steganography tools break if you rename files. Vector Vault **heals itself**, auto-reconstructing from any folder.

✅ **Military-Grade Security** - AES-256, 100k PBKDF2 iterations, salt per session, Fernet authentication. Not _"roll your own crypto"_ - proper implementation of proven standards.

✅ **Keyfile Innovation** - Your vacation photo becomes **uncrackable key material**. The entropy calculation:

$$Entropy_{bits} = FileSize_{bytes} \times 8$$

A 10MB photo provides **80 million bits** of entropy - mathematically impossible to brute force.

✅ **Valid SVG Output** - Every generated SVG passes XML validation and opens normally in browsers. They look **completely innocent**.

✅ **Multithreaded Performance** - Large files don't freeze the interface. Real-time progress bars keep users informed.

✅ **Zero Data Loss** - After countless tests, reconstruction is always **bit-perfect**. MD5 hashes match exactly:

```bash
Original file:   d41d8cd98f00b204e9800998ecf8427e
Recovered file:  d41d8cd98f00b204e9800998ecf8427e

What we learned

🎨 Steganography is harder than it looks

Hiding data while maintaining file format validity requires deep understanding of both the format and the hiding technique.

🔐 Crypto choices matter

The difference between "encryption" and "secure encryption" is vast. Proper salts, iteration counts, and authentication prevent attacks that naive implementations miss.

👤 UX is security

If the tool is confusing, users make mistakes. Clear progress indicators and error messages prevent data loss.

🧠 The human element is the weakest link

No amount of encryption helps if users lose keyfiles or forget passwords. This shaped the DNA system - making reconstruction foolproof even with messy user behavior.

🔄 Performance tuning is endless

Between compression levels, iteration counts, and multithreading, finding the right balance required extensive benchmarking and user testing.

Built With

  • apis
  • base64
  • cloud-services
  • cryptography
  • databases
  • frameworks
  • lzma
  • pillow
  • platforms
  • python
  • tkinter
  • zlib
Share this project:

Updates