-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All
        I'd like to be able to edit an encrypted plain text file using vim.
It's blowfish encoded with openssl. I noticed right away that the contents
could end up in .viminfo, so I started doing some research.

I looked at these pages
http://www.vim.org/tips/tip.php?tip_id=1251
http://www.vim.org/tips/tip.php?tip_id=90
http://www.vim.org/htmldoc/usr_23.html
http://www.vim.org/scripts/script.php?script_id=661
and others trying to figure out the best way to do this.

I see related items listed as 21 and 36 on http://vim.sourceforge.net/sponsor/vote_results.php

If I use this (untested)
- ----------------
" Transparent editing of bf encrypted files.
" Originally By Wouter Hanegraaff <[EMAIL PROTECTED]>
" with alterations for bf by bmckee
augroup encrypted
    au!

    " First make sure nothing is written to ~/.viminfo while editing
    " an encrypted file.
    autocmd BufReadPre,FileReadPre      *.bf set viminfo=
    " We don't want a swap file, as it writes unencrypted data to disk
    autocmd BufReadPre,FileReadPre      *.bf set noswapfile
    " Switch to binary mode to read the encrypted file
    autocmd BufReadPre,FileReadPre      *.bf set bin
    autocmd BufReadPre,FileReadPre      *.bf let ch_save = &ch|set ch=2
    " Decrypt the freshly read buffer in place with openssl (Blowfish)
    autocmd BufReadPost,FileReadPost    *.bf '[,']!openssl bf -d -salt 2> /dev/null
    " Switch to normal mode for editing
    autocmd BufReadPost,FileReadPost    *.bf set nobin
    autocmd BufReadPost,FileReadPost    *.bf let &ch = ch_save|unlet ch_save
    autocmd BufReadPost,FileReadPost    *.bf execute ":doautocmd BufReadPost " . expand("%:r")

    " Convert all text to encrypted text before writing
    autocmd BufWritePre,FileWritePre    *.bf '[,']!openssl enc -bf -salt 2>/dev/null
    " Undo the encryption so we are back in the normal text, directly
    " after the file has been written.
    autocmd BufWritePost,FileWritePost    *.bf   u
augroup END
- ----------------

The question is (yah I took a long time getting here) where does decrypted data end up?

It's obviously going to be in ram at some point - I figure that's unavoidable if I actually want to look at the data :-) and thus might end up in operating system swap files - I can deal with that.

Does 'shelling out' using the ! end up writing the data to disc as a temp file somewhere then unlink it? If that's the case isn't that really the same as decrypt it using program A, edit it using program B, then re-encrypt it? That is fine for this application, otherwise I'd be looking at whole file system encryption I think.

Is there some other exposure I'm not aware of?

Brian McKee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFE9wmsGnOmb9xIQHQRAoI4AJ9AXqovMNe5v2YTQrs8hsYuVcQyGACeJ1OW
FENk31mDuJ9GTqfQsGbxfXg=
=qXsg
-----END PGP SIGNATURE-----
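
On the temp-file question, an added example that is not part of the original message: Vim runs `!` filters through temporary files while the 'shelltemp' option is on (the default), and uses pipes when it is off and the build has the `filterpipe` feature. The group name `encrypted_hardening` is hypothetical; the sketch assumes Vim 7 or later on Unix and is meant to sit alongside the `encrypted` group above.

```vim
" Added example: close the plaintext-on-disk paths around the *.bf autocmds.
" The group name is hypothetical; options are checked before use so the
" file also loads on older builds.
augroup encrypted_hardening
    au!

    " '[,']!openssl ... is a filter. With 'shelltemp' on, Vim writes the
    " range to a temp file (see :echo tempname()) and reads the result
    " from another one. With it off, Vim uses pipes instead.
    autocmd BufReadPre,FileReadPre *.bf
        \ if exists('+shelltemp') | set noshelltemp | endif

    " Without the filterpipe feature Vim falls back to temp files even
    " when 'shelltemp' is off, so say so instead of failing silently.
    autocmd BufReadPre,FileReadPre *.bf
        \ if !has('filterpipe') |
        \   echohl WarningMsg |
        \   echomsg 'no filterpipe: filters still go through temp files' |
        \   echohl None |
        \ endif

    " Persistent undo (Vim 7.3+) stores earlier buffer text on disk.
    autocmd BufReadPre,FileReadPre *.bf
        \ if exists('+undofile') | setlocal noundofile | endif

    " Same intent as the original group, kept buffer-local where possible.
    autocmd BufReadPre,FileReadPre *.bf setlocal noswapfile
    autocmd BufReadPre,FileReadPre *.bf set viminfo=
augroup END
```

`set noshelltemp` and `set viminfo=` are global options, so they stay in effect for every buffer in that Vim session once a `*.bf` file has been opened.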