

Vim blowfish encryption - dgl
https://dgl.cx/2014/10/vim-blowfish

======
iatrou
I use gpg to work around vim's encryption inconsistencies across different
versions. This vimrc does the trick for me:
[https://gist.github.com/iatrou/9da751368aecdf0a37f1](https://gist.github.com/iatrou/9da751368aecdf0a37f1)

------
gcb4
while reading this the only thing on my mind is how un-vim that feature is.

i would expect an hex editor mode would make much more sense to be added
before they went to such shenanigans feature such as frivolous encryption.
which can be trivial to use the Unix way... the way hex editing must be done
for great pains btw.

~~~
agwa
I don't see how you can justify hex editing without justifying encryption. In
both cases, you can either do a conversion with a separate tool outside of the
editor, edit the converted text, and then covert it back, or have the
conversion logic integrated into the editor.

I would argue that, encryption, if implemented properly, is best integrated
into the editor because the editor can be sure to store the clear text in
mlock'd memory and avoid leaking clear text in other ways (such as into
~/.viminfo). If you have to decrypt with a separate tool, the clear text hits
the disk and the editor doesn't know to be careful with it. These are concerns
that aren't present with hex editing.

I have no idea if vim is this careful though and sadly I wouldn't count it.

~~~
nknighthb
The editor doesn't have to do crypto itself to know it's dealing with
sensitive content. A somewhat overblown concern in the age of encrypted swap,
anyway.

Cleartext doesn't have to be saved to disk for a separate tool to be used. You
can pretty much use GPG from vim as-is just by piping the buffer through it:
":%!gpg -e -a -r yourself" and ":%!gpg -d". The vim GPG plugins can take care
of the remaining annoyances.

~~~
agwa
It's not just swap (I don't think encrypted swap is that common anyways) but
also the viminfo and swp files.

The UX for vim's encryption is really good - it's convenient and easy to use.
Any replacement would need to be equally easy and well-integrated. If you
require users to do manual steps, like type commands or remember to tell vim
that it's editing sensitive content, then mistakes will be made that harm
security. If the plugin interface can provide a sufficient level of
integration, that's great and would be a good alternative to building crypto
into vim itself.

~~~
nknighthb
Every OS has supported encrypted swap for some time now. It's the default on
Macs since Mountain Lion and either the default or a checkbox away on popular
Linux distributions. It's a single terminal command in Windows, and encryption
of everything is default in Windows 8.1 with a TPM 2.0 module.

They all support general disk/filesystem encryption, too. If you're
technically minded enough to be using vim and trying to encrypt files with it,
and you're not using an encrypted filesystem to start with, you're pretty
nuts.

The core UX for gnupg.vim is open .gpg/.pgp/.asc file, be automatically
prompted for passphrase (unless file is new), edit file, save (be prompted for
recipients if new). Done.

You're obviously going to have to complain to the vim maintainers about
sensitive content. There's been a patch floating around for over a decade to
get vim to support mlock. Its blowfish encryption is certainly no safer than
gnupg.vim in that regard. gnupg.vim does turn off the
viminfo/swapfile/undofile functionality.

~~~
agwa
> The core UX for gnupg.vim is open .gpg/.pgp/.asc file, be automatically
> prompted for passphrase (unless file is new), edit file, save (be prompted
> for recipients if new). Done.

> gnupg.vim does turn off the viminfo/swapfile/undofile functionality.

Thanks. That is excellent UX and knowing that I can agree it's what people
should use instead of the built-in encryption.

------
RexRollman
I am beginning to think Vim has too many features. And it must be hell
managing that codebase.

~~~
jupbarrera
That is why neovim maintainers decided to remove encryption from the codebase.

check
[https://github.com/neovim/neovim/issues/694](https://github.com/neovim/neovim/issues/694)
and
[https://github.com/neovim/neovim/pull/699](https://github.com/neovim/neovim/pull/699)

~~~
sigzero
No, this is one thing I love Vim for and use it. It is fixed going forward. It
is the only x-platform one that isn't messy at some point.

~~~
nezza-_-
Have you actually looked at the Vim codebase?

------
xorcist
Can anybody with knowledge of vim see if the GPG plugin at vim.wikia.com is
secure with regards to mlock?

It is what I currently use. Very convenient. I never trusted something editor-
specific.

