HACK #10: {En,De}cryption

A feature of VIM that is probably not used very often is encryption. I want to mention up front that VIM's method of encrypting ASCII files is not really secure. On that point, here is the following excerpt from the help, “:help encryption”:

[CUT]
9. Encryption

Vim is able to write files encrypted, and read them back. The encrypted text cannot be read without the right key.

Note: The swapfile and text in memory is not encrypted. A system
administrator will be able to see your text while you are editing it.
When filtering text with “:!filter” or using “:w !command” the text is not
encrypted, this may reveal it to others.

WARNING: If you make a typo when entering the key and then write the file and exit, the text will be lost!

The normal way to work with encryption, is to use the “:X” command, which will ask you to enter a key. A following write command will use that key to encrypt the file. If you later edit the same file, Vim will ask you to enter a key. If you type the same key as that was used for writing, the text will be readable again. If you use a wrong key, it will be a mess.

:X Prompt for an encryption key. The typing is done without showing the actual text, so that someone looking at the display won’t see it. The typed key is stored in the ‘key’ option, which is used to encrypt the file when it is written. The file will remain unchanged until you write it. See also |-x|.

The value of the ‘key’ option is used when text is written. When the option is not empty, the written file will be encrypted, using the value as the encryption key. A magic number is prepended, so that Vim can recognize that the file is encrypted.

To disable the encryption, reset the ‘key’ option to an empty value:

:set key=

When reading a file that has been encrypted and this option is not empty, it will be used for decryption. If the value is empty, you will be prompted to enter the key. If you don’t enter a key, the file is edited without being decrypted.

If you want to start reading a file that uses a different key, set the ‘key’ option to an empty string, so that Vim will prompt for a new one. Don’t use the “:set” command to enter the value, other people can read the command over your shoulder.

Since the value of the ‘key’ option is supposed to be a secret, its value can never be viewed. You should not set this option in a vimrc file.

An encrypted file can be recognized by the “file” command, if you add this line to “/etc/magic”, “/usr/share/misc/magic” or wherever your system has the “magic” file:

0 string VimCrypt~ Vim encrypted file

Notes:

  • Encryption is not possible when doing conversion with ‘charconvert’.
  • Text you copy or delete goes to the numbered registers. The registers can be saved in the .viminfo file, where they could be read. Change your ‘viminfo’ option to be safe.
  • Someone can type commands in Vim when you walk away for a moment, he should not be able to get the key.
  • If you make a typing mistake when entering the key, you might not be able to get your text back!
  • If you type the key with a “:set key=value” command, it can be kept in the history, showing the ‘key’ value in a viminfo file.
  • There is never 100% safety. The encryption in Vim has not been tested for robustness.
  • The algorithm used is breakable. A 4 character key in about one hour, a 6 character key in one day (on a Pentium 133 PC). This requires that you know some text that must appear in the file. An expert can break it for any key. When the text has been decrypted, this also means that the key can be revealed, and other files encrypted with the same key can be decrypted.
  • Pkzip uses the same encryption, and US Govt has no objection to its export. Pkzip’s public file APPNOTE.TXT describes this algorithm in detail.
  • Vim originates from the Netherlands. That is where the sources come from. Thus the encryption code is not exported from the USA.
[/CUT]

That really covers everything you need to know :-). I may explain how to get around the encryption in a later hack…
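The magic number and the swap-file note from the help excerpt can be turned into a quick audit. The script below is an added example, not part of the original post or of Vim: it finds Vim-encrypted files under a directory, reports which method the header names, and flags a leftover swap file beside each one. It assumes the 12-byte header layout `VimCrypt~NN!`, with `01` for the PKZIP-compatible scheme described above and `02`/`03` for the blowfish methods of later Vim versions; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory for Vim-encrypted files by magic header.
# Assumed header layout: 12 bytes "VimCrypt~NN!" where NN is the method id.
LC_ALL=C; export LC_ALL

vimcrypt_method() {
    # Read the first 12 bytes only; tr drops NULs so the value fits a variable.
    hdr=$(dd if="$1" bs=12 count=1 2>/dev/null | tr -d '\000')
    case $hdr in
        'VimCrypt~01!') echo zip ;;        # PKZIP scheme: the breakable one
        'VimCrypt~02!') echo blowfish ;;
        'VimCrypt~03!') echo blowfish2 ;;
        'VimCrypt~'*)   echo unknown ;;    # magic present, method id not listed here
        *)              return 1 ;;        # not a Vim-encrypted file
    esac
}

audit_vimcrypt() {
    # Emit "method<TAB>swap|noswap<TAB>path" for each encrypted file under $1.
    find "$1" -type f ! -name '.*.sw?' | while IFS= read -r f; do
        if m=$(vimcrypt_method "$f"); then
            swap=noswap
            # A leftover .name.swp may hold text the help says is not encrypted.
            [ -e "$(dirname "$f")/.$(basename "$f").swp" ] && swap=swap
            printf '%s\t%s\t%s\n' "$m" "$swap" "$f"
        fi
    done
}

make_samples() {
    # Constructed sample files: header bytes plus filler, no real ciphertext.
    printf 'VimCrypt~01!\001\002\003' > "$1/old.txt"
    printf 'VimCrypt~03!saltseedXYZ' > "$1/new.txt"
    printf 'plain notes\n' > "$1/plain.txt"
    : > "$1/.old.txt.swp"
}

# Usage: sh audit.sh DIRECTORY
if [ "$#" -gt 0 ]; then audit_vimcrypt "$1"; fi
```

Files reported as `zip` use the algorithm the help text calls breakable and are candidates for re-encryption with a stronger tool; a `swap` flag means the swap file should be removed once no editing session is open.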

So long…
