AES256 encryption in Vim
From Vim Tips Wiki
created 2006 · complexity intermediate · author fomit · version 6.0
Create a second config file named ~/.cvimrc containing:
set secure set viminfo= set noswapfile set nobackup set nowritebackup set history=0 set noshelltemp function Scramble() %!base64 -e | aespipe -e aes256 -T | base64 -e endfunction function Unscramble() %!base64 -d | aespipe -e aes256 -d | base64 -d endfunction map <silent> <F7> :call Scramble()<Esc> map <silent> <F8> :call Unscramble()<Esc>
Create a shell script named cvim (copy it to /usr/bin) containing:
#!/bin/sh vim -S $HOME/.cvimrc "$@"
Make the new script executable (do this as root, or use ~/bin/ instead of /usr/bin):
$ chmod 750 /usr/bin/cvim
Now you can edit a file with:
$ cvim new_textfile
Type in whatever you like. Press F7 key and type password twice. Then the contents of the file will be encrypted.
To decrypt, press F8 and type password again.
Never save the file while you can see the plain text. Before saving (:w) you should encrypt it first, otherwise there will be traces of the plaintext file on your hard disk.
Also check out the openssl plugin. All you need is Vim and openssl on your system and you can be editing encrypted files right now! Files can be encrypted with most ciphers supported by openssl: aes, blowfish, des3, etc. The cool part is that the plugin transparently handles decryption when you open a file and encrypting it again before you write it. Just do your typical ":wq" and it will ask you for an encryption password before it writes. ... It also has a password safe feature. Now you don't need to install a separate password safe and your password file is encrypted with standard OpenSSL supported ciphers that can later be decrypted with just `openssl` alone -- the original openssl.vim VimScript is not required for decryption. --Noahspurrier 01:30, 26 November 2008 (UTC)
aespipe can be found at http://loop-aes.sourceforge.net
For less secure encryption, see Vim's built-in encryption feature :help encryption.
How about gpg:
$ seq 1 3 > file $ gpg --cipher-algo aes256 --symmetric file ... $ gpg --cipher-algo aes256 --decrypt < file.gpg gpg: AES256 encrypted data gpg: encrypted with 1 passphrase 1 2 3
How about VimTip1032.
I still prefer script#661.
Use the following (-a does to and from base64 conversion).
openssl aes-256-cbc [-d] -a -in file.txt -out file.aes
I edited the commands to "set noshelltemp" because otherwise Vim uses a temporary file to copy the text to the standard input of aespipe.
I also edited some of the text above to properly use a 'pre' block, and got rid of some superfluous stuff and incorrect comments.
Also note that I prefer:
function Scramble() %!gpg -q --cipher-algo aes256 --symmetric --armor 2>/dev/null endfunction function Unscramble() %!gpg -q --cipher-algo aes256 --decrypt --armor 2>/dev/null endfunction
which works just fine, and uses a single command (which is almost certainly installed already).
Also, use of an alias for cvim might be more suitable than use of a shell script, since the arguments all come at the end of the line anyways. This won't require installing a script as root either; it's probably better for a user that wants to do this to just add the alias to their .bashrc/.bash_profile.