We describe a general framework for designing and embedding a fingerprint at the physical layer of a wireless network to achieve authentication with enhanced security and stealth. Fingerprint embedding is a key-aided process of superimposing a low-power tag to the primary message waveform for the purpose of authenticating the transmission. The tag is uniquely created from the message and key, and successful authentication is achieved when the correct tag is detected by the receiver. This enables control over performance trade-offs by design, and low-power fingerprints enhance security by making the authentication tags much less accessible to an adversary (Eve). Privacy analysis shows how Eve can be forced into difficult detection regimes, and secrecy analysis demonstrates that Eve’s uncertainty about the secret key is not readily reduced by an increase in her computational ability. In addition, the fingerprint embedding framework easily generalizes to create an authenticated communications side-channel for minimal cost. Side-channel information is conveyed to the receiver through the transmitter’s choice of tag from a secret codebook generated by the primary message and a shared secret key set. A linear coding scheme is introduced which enables tradeoffs among the performance goals of authentication, side-channel rate, secrecy, and privacy. Practical designs are readily achieved, and software-defined radio experiments validate the theory and demonstrate how the use of a set of secret keys for fingerprint embedding can, at minimal cost, allow secret and private side-channel communications, while simultaneously providing authentication with enhanced security.