Well it’s time again for the Vim Tip of the Week. If you missed the previous few tips you might want to look here, here, here. Otherwise let’s get to the good stuff.
vim encryption
If you’ve been a long time reader of this blog you know I’m all about encryption. I still have a lot to learn about it, but I like to use it whenever I can. Encrypting emails. Encrypting network traffic, and with vim, encrypting documents.
From the man page:
Use encryption when writing files. Will prompt for a crypt key.
To encrypt a document with vim open the new or existing file with:
vim -x [file]
This will prompt you for a passphrase, and only apply the encryption when writing a file. ie; if you don’t save it or ‘w’rite the file it won’t be applied. Use any passphrase you like and the file will be encrypted to that string. Anytime you open the file after this, even using the normal open method (vim [file]) it will prompt for the password before showing any file contents.
Enjoy a bit more privacy on your machine, and easily encrypt your files with vim.
Hey, what encryption algorithm is used? DES? AES? RSA? And, any way to have it encrypt to your GPG public key?
Great idea,
Cheers,
Ryan
Ryan – it uses the same encryption algo as Pkzip. If you’d like to encrypt something with your GPG you’d use a different command (outside of Vim completely):
gpg -er [user] [file]
which will create a new file [file].gpg
…you’ll have to delete the original.
to unencrypt use:
gpg [file].gpg
which then writes [file]
It’s more secure using GPG, but not quite as flexible (in my opinion) as the vim encryption option.
Isn’t it always that trade off? Powerful encryption vs ease of use.
The pkzip encryption was broken over a decade ago! If you want it to be “flexible”, maybe you shouldn’t use encryption at all; it will be about as secure as this!
Anonymous coward – it’s by no means supposed to be the end-all method of security. I didn’t post it as full drive encryption, unbreakable encryption or anything of the like. It is simply the built-in encryption included with vim and it *is* better than a plain text file for casual snoopers.
I’ve used vim -x for quite a while. I’ve just moved to a new Ubuntu 7.0.4 box after years on Suse. I was unpleasantly surprised to find that vim under Ubuntu did not have the encrypt option.
> vi -x test.txt
VIM – Vi IMproved 7.0 (2006 May 7, compiled May 22 2007 21:10:57)
Unknown option argument: “-x”
More info with: “vim -h”
Running vim -h, indeed, showed there is no -x option. The man page, however, does list it.
Do you have any idea what’s up with this?
@ K Lars Lohn – running “vim –version” on my machine I get the following:
“VIM – Vi IMproved 7.1 (2007 May 12, compiled Jul 16 2007 17:22:49)”
I wonder if you are using a previous release on a previous version of ubuntu. Perhaps try installing the vim-full package and see if that gives you any additional features
I did:
>sudo apt-get install vim-full
> …
>vim –version
VIM – Vi IMproved 7.0 (2006 May 7, compiled May 22 2007 21:25:19)
Included patches: 1-164, 234-235
and now I have my precious “-x” feature back.
The offending version of vim was installed by default in a default fresh install of Ubuntu 7.0.4. This was not an upgrade. I’m kind of at a loss in trying to figure out why they would bother to have a crippled version at all.
Thanks for your suggestion. You got me moving again…
I used vi -x to create a encrypted file. I ftp’ed to a different machine. I am not able to open the using same passphrase. Is there a known issue ??
we can encrypt files using vim -x,but how to decrypt the same file and get back it to normal form?
@sylesh: Open the encrypted file in vim using your old pass phrase. Now type :X and enter an empty pass phrase. Type :w and the file will be saved unencrypted.
@K Peterson
Awesome, that’s just what I was looking for… now what would be really cool: if you could `grep` or even `less` the encrypted file, have grep figure out (on its own) that its encrypted and then ask you for the passphrase right at the command line!
–eg:
a crypted file containing “bum blah bum”
file ./test
./test: Vim encrypted file data
grep ‘blah’ ./test
grep: enter passphrase: *****
bum blah bum
—
I think that’d be awesome for keeping passwords/usernames stored (save me from having to `mcrypt -d`, grep the resulting file, then delete the decrypted version again.
any thoughts? (maybe even some sort of ease-integration with ascii files that have been crypted with `mcrypt`??)
Here is more information about it: http://vim.wikia.com/wiki/Encryption