AES256 encryption in Vim

Please review this tip:

• This tip was imported from vim.org and needs general review.
• You might clean up comments or merge similar tips.
• Add suitable categories so people can find the tip.
• Please avoid the discussion page (use the Comments section below for notes).
• If the tip contains good advice for current Vim, remove the {{review}} line.

Previous Tip • Next Tip

Tip: #1251 - AES256 encryption in Vim

Created: June 6, 2006 2:36 Complexity: intermediate Author: fomit-frame-pointer Version: 5.7 Karma: 13/8 Imported from: Tip#1251

1. install base64 (http://www.fourmilab.ch/webtools/base64/) and aespipe (http://www.fourmilab.ch/webtools/base64/)

2. create a second config file named ~/.cvimrc and put the following in it:

##########cvimrc start###########

set secure

set viminfo=

set noswapfile

set nobackup

set nowritebackup

set history=0

function Scramble()

%!base64 -e

Comments

aespipe can be found at: http://loop-aes.sourceforge.net

sorry, messed things up with clipboard. :)

fomit-frame-pointer--AT--gentoo.org , June 6, 2006 7:26

---

Good tip! For less secure encryption (how less secure I'm not sure), see vim's built-in encryption feature:

:help encryption 

niklasl , June 6, 2006 10:29

---

How about gpg:

$ seq 1 10 > file $ gpg --cipher-algo aes256 --symmetric file ...

$ gpg --cipher-algo aes256 --decrypt < file.gpg gpg: AES256 encrypted data gpg: encrypted with 1 passphrase 1 2 3 4 5 6 7 8 9 10

Anonymous , June 6, 2006 17:22

---

How about VimTip1032

anon , June 6, 2006 23:11

---

first, as soon as you type $ seq 1 10 > file, there will be traces of plain text file on your disk, which can be extracted with tools like dd. so it is better if encryption can be done within the vim buffer (~~ a pipe). gpg outputs console messages together with the (de/)encrypted text, so you rather have to use ":%!gpg --cipher-algo aes256 --symmetric 2>/dev/null", which is rather ugly, imho. and even if you do that i noticed that you get the same errors like in openssl. where openssl declares a "bad decrypt" message block within the decrypted message, gpg gives you something like this:

#### start of file #### gpg: AES256 encrypted data gpg: encrypted with 1 passphrase gpg: WARNING: encrypted message has been manipulated! <here is the vim buffer><trailing garbage> ####end of file####

i believe it must be the password length which causes this problem. aespipe in this very particular case _forces_ secure password use by setting the minimum(!) password length to 20 characters.

as i said, if ANYONE finds out a way to en/decrypt the vimbuffer with no need to write tmp-files and which doesnt produce decrypt garbage/problems please post another tip.

bye.

Anonymous wrote:

# How about gpg: # # $ seq 1 10 > file # $ gpg --cipher-algo aes256 --symmetric file # ... # # $ gpg --cipher-algo aes256 --decrypt < file.gpg # gpg: AES256 encrypted data # gpg: encrypted with 1 passphrase # 1 # 2 # 3 # 4 # 5 # 6 # 7 # 8 # 9 # 10

fomit-frame-pointer--AT--gentoo.org , June 7, 2006 3:06

---

the main theme that i tried to get through in this tip was "done easy". ;-)

i just wanted to post something uncomplicated, particurlaly for (vim/linux) beginners, whereas i dont understand a single line in tip #1032.

anon wrote: # How about VimTip1032

fomit-frame-pointer--AT--gentoo.org , June 7, 2006 4:40

---

I still prefer http://www.vim.org/scripts/script.php?script_id=661

Anonymous , June 7, 2006 11:25

---

openssl aes-256-cbc [-d] -a -in file.txt -out file.aes

-a does to and from base64 conversion.

Anonymous , June 9, 2006 17:18

---