Editing GPG-encrypted files in Vim

Update 2012-03-06: gnupg.vim now has a new maintainer. Link updated.

I’m always looking for a better way to digitally store private data, like passport numbers, credit cards, and server root passwords. Unfortunately, good encryption is hard to find. I have yet to find a solution better than “GPG-encrypted text files edited with a secure editor”. For five years I’ve used KGpg’s built-in text editor for this, but it has a number of limitations. Today, I discovered that I can do it natively within Vim.

Start by downloading the gnupg Vim plugin. Copy this file to ~/.vim/plugin.

mkdir -p ~/.vim/plugin/
cd ~/.vim/plugin/
# Quote the URL so the shell does not treat "?" as a glob character.
wget 'http://www.vim.org/scripts/script.php?script_id=3645'

Now you need to set an environment variable. Add this to ~/.bashrc or some place sourced by your shell.

export GPG_TTY=`tty`

You can now use the plugin, but you’ll probably want to set some defaults. These tell the plugin to prefer ASCII-armored files and set your default recipient list. Both only apply to newly-created files. Add this to ~/.vimrc.

let g:GPGPreferArmor=1
let g:GPGDefaultRecipients=["name@example.com"]

You can now open, edit, and save encrypted files transparently. They must have a “.gpg”, “.pgp” or “.asc” suffix.

vim test.asc

GPG: ----------------------------------------------------------------------
GPG: Please edit the list of recipients, one recipient per line.
GPG: Unknown recipients have a prepended "!".
GPG: Lines beginning with "GPG:" are removed automatically.
GPG: Data after recipients between and including "(" and ")" is ignored.
GPG: Closing this buffer commits changes.
GPG: ----------------------------------------------------------------------
Alice Mallory <name@example.com>             (ID: 0x13DF7065B198DDCC created at Tue 10 Aug 2010 15:52:29 UTC)
~                                                                                                     
~                                                                                                     
~                                                                                                     
~                                                                                                     
GPGRecipients_test.asc                                                              8,1            All

:wq

Enter your data.

Here is my data.

:wq

Quit and it will be encrypted.

cat test.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)
[ASCII-armored ciphertext omitted]
-----END PGP MESSAGE-----

gpg -d test.asc

Here is my data.

As always, using gpg-agent is a good idea. If you’re using Ubuntu, you are probably already doing this.
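
If the plugin is not loaded, Vim saves test.asc as ordinary plaintext while the suffix still suggests it is encrypted. The check below is an added example, not part of the original post or of gnupg.vim: it flags files with a “.gpg”, “.pgp” or “.asc” suffix whose contents do not start like an OpenPGP message. The function names and sample files are constructed for illustration, and the first-byte test is a heuristic (plaintext that begins with a non-ASCII character would pass it).

```shell
#!/bin/sh
# Added example: flag files with an encrypted-file suffix that hold plaintext.
# Heuristic only: it inspects the first line and first byte, and never decrypts.

# looks_encrypted FILE: exit 0 if FILE starts like an OpenPGP message, else 1.
looks_encrypted() {
    [ -s "$1" ] || return 1            # missing or empty file is not ciphertext
    # ASCII-armored output (g:GPGPreferArmor=1) begins with this header line.
    if head -n 1 "$1" | grep -q -e '^-----BEGIN PGP MESSAGE-----'; then
        return 0
    fi
    # Binary OpenPGP data begins with a packet tag byte, which has bit 7 set.
    first=$(od -An -tu1 -N1 "$1" | tr -d '[:space:]')
    [ -n "$first" ] && [ "$first" -ge 128 ]
}

# audit_dir DIR: print every suspicious file; exit 1 if any was found.
audit_dir() {
    bad=0
    for f in "$1"/*.gpg "$1"/*.pgp "$1"/*.asc; do
        [ -f "$f" ] || continue        # an unmatched glob stays literal
        if ! looks_encrypted "$f"; then
            printf 'PLAINTEXT? %s\n' "$f"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed samples: two ciphertext-shaped files and one plaintext leak.
make_samples() {
    printf '%s\n' '-----BEGIN PGP MESSAGE-----' '' '(constructed placeholder)' \
        '-----END PGP MESSAGE-----' > "$1/good.asc"
    printf '\205\001\014constructed' > "$1/good.gpg"   # 0x85 = packet tag byte
    printf 'Here is my data.\n' > "$1/leak.asc"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_dir "$demo_dir" || echo "re-save the files listed above through gnupg.vim"
rm -rf "$demo_dir"
```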

  1. Adam

    Cool tip, thanks. I got this working after far too long fighting to solve a problem with gpg-agent on Ubuntu Netbook Edition. It turns out the window manager (or specifically maximus) causes pinentry to segfault before you can enter your passphrase.

    I finally found a workaround here: https://bugs.launchpad.net/ubuntu/+source/pinentry/+bug/162585

    1. Tyler Wagner

      There is a work-around in that bug report. You might also try pinentry-qt, although I doubt that will behave differently.

      1. Adam

        Yes, the workaround works fine. I just thought I’d leave a link here in case it saves somebody else some time with the same issue. (And to release some frustration at an annoying bug!)

      2. felipe

        vim -x file; and you’re done! That’s all you need.

        1. Tyler Wagner

          VimCrypt is not cryptographically secure. It is not a suitable replacement for GPG.

        2. Monty Cantsin

          tnx tyler. – this is nice indeed!
          rgrds, mc
