------------------------------------------------------------------------------- File Encryption and VIM ------------------------------------------------------------------------------- You can create a new vim encrypted file using vim -x filename or while editing a file you use :X vim will write that file using the key it asks for in encrypted form. The key is saved during the editing using the "key" setting, and it will not show the key's value if asked. No password verification is used, so if the wrong password is used you will see binary garbage on the screen. If this is edited and saved it will corrupt the file from the point of edit. To remove the encryption from a vim encrypted file use the command :set key= The file will have file magic of "VimCrypt~" but no special suffixes. The file magic insures that if vim edits the file, it will ask the user for a password to decrypt it for editing. The method by default is 'zip' which is weak. You can change the default to a stronger method using "set cm=blowfish" in your ".vimrc" file while a file is in memory the files encryption method can be changed using ":setlocal cm=blowfish" otherwise it is the same as the encryption used when reading. The encryption method is stored as byte 9 and 10 with the string values of "01" or "02" respectivally. **** Other than this the actual encryption method is not known at this time. So without further research I would not be able to decrypt a vim encryted file with out using vim. **** WARNING: While restore and undo files are encrypted the viminfo file is not. Any command history or buffers may be saved into the viminfo file including cut/paste buffers, and ":set key=..." commands. No method of specifying an external encryption program is provided. IN SUMMARY: I do not recommend using vim built-in encryption. ------------------------------------------------------------------------------- Using an External Program (DIY) You can also directly edit a file encrypted using an external program. For example, using "encrypt" and "encrypt -d" respectivally, for files with a ".enc" suffix... (you could use file magic too) ======8<--------CUT HERE----------axes/crowbars permitted--------------- " " Allow direct editing of Encrypted files " set nocompatible " Use Vim defaults like multi-undo (much better!) " Decrypt/Encrypt a ".kpt", openssl encryted file, using "keepout" " using a PBKDF v2 (salt+count) aes-256-cbc encryption variant. " augroup enc autocmd! autocmd BufReadPre,FileReadPre *.enc setlocal binary autocmd BufReadPre,FileReadPre *.enc set history=0 cmdheight=3 autocmd BufReadPre,FileReadPre *.enc set noundofile noswapfile autocmd BufReadPre,FileReadPre *.enc set nowritebackup viminfo= autocmd BufReadPre,FileReadPre *.enc set encoding=utf-8 fileencoding=utf-8 autocmd BufReadPost,FileReadPost *.enc set shell=/bin/sh shellredir=> autocmd BufReadPost,FileReadPost *.enc '[,']!keepout -d autocmd BufReadPost,FileReadPost *.enc set nobinary cmdheight& shell& autocmd BufReadPost,FileReadPost *.enc exe "doau BufReadPost ".expand("%:r") autocmd BufReadPost,FileReadPost *.enc redraw! " autocmd BufWritePre,FileWritePre *.enc mark z autocmd BufWritePre,FileWritePre *.enc set binary cmdheight=3 shell=/bin/sh autocmd BufWritePre,FileWritePre *.enc '[,']!keepout " autocmd BufWritePost,FileWritePost *.enc silent undo autocmd BufWritePost,FileWritePost *.enc setlocal nobinary autocmd BufWritePost,FileWritePost *.enc set cmdheight& shell& autocmd BufWritePost,FileWritePost *.enc 'z augroup END ======8<--------CUT HERE----------axes/crowbars permitted--------------- The encrypted file as it is only decrypted in the editors buffer in memory. An example "encrypt" command is available in https://antofthy.gitlab.io/software/#encrypt This however has been superseeded by the "keepout" shell script https://antofthy.gitlab.io/software/#keepout You can see the full vim auto-commands I use with these, as well as for pgp, gpg, gzip, and others in... https://antofthy.gitlab.io/software/#encrypt.vim PS: GZipping text files before encryption is a good way to make them smaller. but is an extra step. -------------------------------------------------------------------------------