Vim Tips Wiki
Tip 90

created July 17, 2001 · complexity intermediate · author Erhan · version 5.7


This tip is deprecated for the following reasons:

Vim 7.3 introduces built-in Blowfish encryption, a much better algorithm, which is not mentioned at all in this tip.

You can encrypt your text files with Vim. The :X command prompts for an encryption key.

After you enter your key, the document is encrypted when you save it, and no one else (but you and Vim) can read it.

If you reopen the file, Vim will ask for the key.

If you want to disable encryption, just type

:set key=

If you forget your key you will lose your document. So please DO NOT forget your key.

Comments

The below was fixed in at least version 7.1. Vim asks twice during initial encryption:

Enter encryption key: **
Enter same key again: **

Careful!

Vim asks only once for the password -- if you happen to mistype it -- then good luck finding out what you mistyped. Was that fixed in newer releases?


You can also use external encryption software. I use some autocmds with pgp version 2.6.2 (because source is available and I'm in the US of A). The pgp call for writing uses PGP's "conventional" cryptography; to use its public key cryptography, use

pgp -fe userid

instead.

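augroup PGP
 au!
 " Decrypt the buffer after reading (pgp -f runs as a stdin/stdout filter)
 au BufReadPost *.pgp :%!pgp -f
 " Encrypt the buffer with conventional cryptography (-c) just before writing
 au BufWritePre *.pgp :%!pgp -fc
 " Undo the filter after writing so the buffer shows the plain text again
 au BufWritePost *.pgp u
augroup END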

Be aware that Vim's encryption system is not very strong. From the help files for Vim 6.0-ar:

The algorithm used is breakable. A 4 character key in about one hour, a 6 character key in one day (on a Pentium 133 PC). This requires that you know some text that must appear in the file. An expert can break it for any key. When the text has been decrypted, this also means that the key can be revealed, and other files encrypted with the same key can be decrypted.

Probably will keep your files safe from most hackers, but look elsewhere (see prev. post on external programs) if your information is extremely valuable.


The password is asked twice in the 6.0 release, so it becomes a little less dangerous.


I read somewhere that .swp files ARE NOT encrypted... Is this true?
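An audit for the two concerns raised in the comments above (files still saved with the original, breakable algorithm, and swap, backup or undo files left beside an encrypted document), as an added example that is not part of the original tip. It assumes Vim's standard file header strings and default sidecar file names, neither of which is stated on this page; the function names are hypothetical, and the sample files are constructed.

```python
import os
import tempfile

# Header magic Vim writes at the start of a file saved with 'key' set.
VIMCRYPT = {b"VimCrypt~01!": "zip",        # original algorithm ("breakable" per the help text)
            b"VimCrypt~02!": "blowfish",   # added in Vim 7.3
            b"VimCrypt~03!": "blowfish2"}

def crypt_method(path):
    """Method named in the header, 'unknown' for an unlisted VimCrypt header, else None."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    if head in VIMCRYPT:
        return VIMCRYPT[head]
    return "unknown" if head.startswith(b"VimCrypt~") else None

def sidecars(path):
    """Swap (.name.sw?), backup (name~) and undo (.name.un~) files beside `path`."""
    folder, name = os.path.split(os.path.abspath(path))
    fixed = (name + "~", "." + name + ".un~")
    swap = lambda e: e.startswith("." + name + ".sw") and len(e) == len(name) + 5
    return sorted(e for e in os.listdir(folder) if e in fixed or swap(e))

def audit(folder):
    """Map each Vim-encrypted file in `folder` to its method, weakness flag and sidecars."""
    report = {}
    for entry in sorted(os.listdir(folder)):
        path = os.path.join(folder, entry)
        method = crypt_method(path) if os.path.isfile(path) else None
        if method is not None:
            # Only the original "zip" method is flagged, matching the help text quoted above.
            report[entry] = {"method": method, "weak": method == "zip",
                             "sidecars": sidecars(path)}
    return report

def demo():
    """Audit constructed sample files (header plus filler bytes, not real ciphertext)."""
    samples = {"old.txt": b"VimCrypt~01!" + b"\x00" * 8,
               "new.txt": b"VimCrypt~02!" + b"\x00" * 8,
               ".old.txt.swp": b"b0VIM constructed",
               "plain.txt": b"hello\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return audit(d)

if __name__ == "__main__":
    print(demo())
```

The sidecar check only looks in the document's own directory, so swap files redirected elsewhere by the 'directory' option are not found.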


Encrypt your document with an empty password to remove the encryption.


Here's one I found via Google. It seems to work well for me.

" Transparent editing of gpg encrypted files.
" By Wouter Hanegraaff
augroup encrypted
 au!

 " First make sure nothing is written to ~/.viminfo while editing
 " an encrypted file.
 autocmd BufReadPre,FileReadPre *.gpg set viminfo=
 " We don't want a swap file, as it writes unencrypted data to disk
 autocmd BufReadPre,FileReadPre *.gpg set noswapfile
 " Switch to binary mode to read the encrypted file
 autocmd BufReadPre,FileReadPre *.gpg set bin
 autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2
 autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null
 " Switch to normal mode for editing
 autocmd BufReadPost,FileReadPost *.gpg set nobin
 autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save
 autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r")

 " Convert all text to encrypted text before writing
 autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-recipient-self -ae 2>/dev/null
 " Undo the encryption so we are back in the normal text, directly
 " after the file has been written.
 autocmd BufWritePost,FileWritePost *.gpg u
augroup END

Although, I use tcsh as my shell so the "2>/dev/null" made my shell sad. I had to create a "gpg.sh" script which would do the stderr redirection which looked like this:

----------------
#!/bin/sh
gpg "$@" 2>> .gpg.err
----------------

And then change the two lines in the .vimrc snippet from above that actually do the GPG encryption/decryption to:

autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg.sh --decrypt
autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg.sh --default-recipient-self -ae

And everything works great.


Be aware, however, that Vim uses temporary files (rather than pipes) when filtering data through external programs, so the fully decrypted file will be written to disk twice:

Once when reading from gpg --decrypt
Once when writing to gpg --encrypt

(And perhaps another time if your OS has unencrypted swap files.)


Here is a working autocmd for ccrypt. Note that it uses the environment variable, which can be dangerous on older multiuser systems (cf. man ccrypt).

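augroup CPT
 au!
 " Read the encrypted file as binary, with no viminfo and no swap file
 au BufReadPre *.cpt set bin
 au BufReadPre *.cpt set viminfo=
 au BufReadPre *.cpt set noswapfile
 " Prompt once and pass the password to ccrypt through an environment variable
 au BufReadPost *.cpt let $vimpass = inputsecret("Password: ")
 au BufReadPost *.cpt silent '[,']!ccrypt -cb -E vimpass
 au BufReadPost *.cpt set nobin
 " Encrypt the buffer before writing
 au BufWritePre *.cpt set bin
 au BufWritePre *.cpt '[,']!ccrypt -e -E vimpass
 " Undo the filter after writing so the buffer shows the plain text again
 au BufWritePost *.cpt u
 au BufWritePost *.cpt set nobin
augroup END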

Couple of tips if using the ccrypt script.

On Windows, change the $vimpass variable to $VIMPASS since for some reason Windows doesn't like the lowercase variable.

I don't know if this one is only for windows, but what I did was to 'touch test' followed by 'ccrypt -e test' and that created the file test.cpt. I was then able to open it in Vim and have it working correctly.

