Vim Tips Wiki

AES256 encryption in Vim

Revision as of 08:52, March 28, 2012 by JohnBot (Talk | contribs)

This tip is deprecated for the following reasons:

Much of this information is probably still useful; however, Vim 7.3 has built-in support for Blowfish encryption, so this tip is probably not needed by most people.

Tip 1251

created 2006 · complexity intermediate · author fomit · version 5.7

Install base64 and aespipe.

Create a second config file named ~/.cvimrc containing:

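" Keep plaintext out of viminfo, swap, backup and shell temp files
set secure
set viminfo=
set noswapfile
set nobackup
set nowritebackup
set history=0
set noshelltemp

" Filter the whole buffer through aespipe; -T asks for the passphrase twice.
" GNU coreutils base64 encodes by default and has no -e; drop -e there.
function! Scramble()
  %!base64 -e | aespipe -e aes256 -T | base64 -e
endfunction

function! Unscramble()
  %!base64 -d | aespipe -e aes256 -d | base64 -d
endfunction

nnoremap <silent> <F7> :call Scramble()<CR>
nnoremap <silent> <F8> :call Unscramble()<CR>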

Create a shell script named cvim (copy it to /usr/bin) containing:

#!/bin/sh
vim -S "$HOME/.cvimrc" "$@"

Make the new script executable (do this as root, or use ~/bin/ instead of /usr/bin):

$ chmod 755 /usr/bin/cvim

Now you can edit a file with:

$ cvim new_textfile

Type in whatever you like. Press the F7 key and type the password twice. The contents of the buffer are then encrypted.

To decrypt, press F8 and type the password again.

Never save the file while you can see the plain text. Before saving (:w) you should encrypt it first, otherwise there will be traces of the plaintext file on your hard disk.


Also check out the openssl plugin. All you need is Vim and openssl on your system and you can be editing encrypted files right now! Files can be encrypted with most ciphers supported by openssl: aes, blowfish, des3, etc. The cool part is that the plugin transparently handles decryption when you open a file and encrypting it again before you write it. Just do your typical ":wq" and it will ask you for an encryption password before it writes. ... It also has a password safe feature. Now you don't need to install a separate password safe and your password file is encrypted with standard OpenSSL supported ciphers that can later be decrypted with just `openssl` alone -- the original openssl.vim VimScript is not required for decryption. --Noahspurrier 01:30, 26 November 2008 (UTC)

aespipe can be found at

For less secure encryption, see Vim's built-in encryption feature :help encryption.

How about gpg:

$ seq 1 3 > file
$ gpg --cipher-algo aes256 --symmetric file
$ gpg --cipher-algo aes256 --decrypt < file.gpg
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase

How about VimTip1032?

I still prefer script#661.

Use the following (-a does the conversion to and from base64).

openssl aes-256-cbc [-d] -a -in file.txt -out file.aes

I edited the commands to "set noshelltemp" because otherwise Vim uses a temporary file to copy the text to the standard input of aespipe.

I also edited some of the text above to properly use a 'pre' block, and got rid of some superfluous stuff and incorrect comments.

Also note that I prefer:

function! Scramble()
  %!gpg -q --cipher-algo aes256 --symmetric --armor 2>/dev/null
endfunction

function! Unscramble()
  %!gpg -q --cipher-algo aes256 --decrypt --armor 2>/dev/null
endfunction

which works just fine, and uses a single command (which is almost certainly installed already).

Also, use of an alias for cvim might be more suitable than use of a shell script, since the arguments all come at the end of the line anyways. This won't require installing a script as root either; it's probably better for a user that wants to do this to just add the alias to their .bashrc/.bash_profile.
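The tip's warning never to save while the plaintext is visible can be enforced with a write guard. The following is an added example, not part of the original tip or comments: it assumes the gpg --armor variant of Scramble() shown above and is meant to be appended to ~/.cvimrc; the names s:IsArmored, s:Refuse, s:GuardedWrite and cvim_guard are hypothetical. The check only looks for the OpenPGP armor delimiters, so it catches accidental plaintext writes rather than proving the buffer is ciphertext.

```vim
" Added example: write guard for the gpg --armor variant of Scramble().
" All function and augroup names here are hypothetical.

" True when the first and last non-blank lines of the buffer are the
" OpenPGP ASCII-armor delimiters that `gpg --armor` emits.
function! s:IsArmored()
  let l:head = getline(nextnonblank(1))
  let l:tail = getline(prevnonblank(line('$')))
  return l:head ==# '-----BEGIN PGP MESSAGE-----' && l:tail ==# '-----END PGP MESSAGE-----'
endfunction

function! s:Refuse(why)
  echohl ErrorMsg
  echomsg 'cvim: not written: ' . a:why
  echohl None
endfunction

" BufWriteCmd replaces Vim's own write, so nothing reaches the disk
" unless this function writes it.
function! s:GuardedWrite(target)
  if !s:IsArmored()
    call s:Refuse('buffer is not armored ciphertext, press <F7> first')
    return
  endif
  if writefile(getline(1, '$'), a:target) != 0
    call s:Refuse('could not write ' . a:target)
    return
  endif
  " Clear 'modified' only when the buffer's own file was written.
  if a:target ==# expand('%:p')
    setlocal nomodified
  endif
endfunction

augroup cvim_guard
  autocmd!
  autocmd BufWriteCmd * call s:GuardedWrite(expand('<amatch>'))
  " Partial writes (:1,5w file) and appends (:w >> file) are refused.
  autocmd FileWriteCmd,FileAppendCmd * call s:Refuse('partial write or append')
augroup END
```

Because 'modified' stays set after a refused write, :wq on a plaintext buffer does not quit, which gives a second chance to press F7.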
