sponsor Vim development Vim logo Vim Book Ad

gnupg.vim : Plugin for transparent editing of gpg encrypted files.

 script karma  Rating 265/89, Downloaded by 4536    Comments, bugs, improvements  Vim wiki

created by
James McCoy
 
script type
utility
 
description
This script implements transparent editing of gpg encrypted files. The filename must have a ".gpg", ".pgp" or ".asc" suffix. When opening such a file the content is decrypted, when opening a new file the script will ask for the recipients of the encrypted file. The file content will be encrypted to all recipients before it is written. The script turns off viminfo and swapfile to increase security.

This is a continuation of the work initially done by Markus Braun in vimscript #661.  Development takes place at https://github.com/jamessan/vim-gnupg.

Commands:

  :GPGEditRecipients
    Opens a scratch buffer to change the list of recipients. Recipients that
    are unknown (not in your public key) are highlighted and have
    a prepended "!". Closing the buffer makes the changes permanent.

  :GPGViewRecipients
    Prints the list of recipients.

  :GPGEditOptions
    Opens a scratch buffer to change the options for encryption (symmetric,
    asymmetric, signing). Closing the buffer makes the changes permanent.
    WARNING: There is no check of the entered options, so you need to know
    what you are doing.

  :GPGViewOptions
    Prints the list of options.

Variables:

  g:GPGExecutable
    If set used as gpg executable, otherwise the system chooses what is run
    when "gpg" is called. Defaults to "gpg".

  g:GPGUseAgent
    If set to 0 a possible available gpg-agent won't be used. Defaults to 1.

  g:GPGPreferSymmetric
    If set to 1 symmetric encryption is preferred for new files. Defaults to 0.

  g:GPGPreferArmor
    If set to 1 armored data is preferred for new files. Defaults to 0.

  g:GPGPreferSign
    If set to 1 signed data is preferred for new files. Defaults to 0.

  g:GPGDefaultRecipients
    If set, these recipients are used as defaults when no other recipient is
    defined. This variable is a Vim list. Default is unset.

  g:GPGUsePipes
    If set to 1, use pipes instead of temporary files when interacting with
    gnupg.  When set to 1, this can cause terminal-based gpg agents to not
    display correctly when prompting for passwords.  Defaults to 0.

  g:GPGHomedir
    If set, specifies the directory that will be used for GPG's homedir.  This
    corresponds to gpg's --homedir option.  This variable is a Vim string.

Known Issues:

  In some cases gvim can't decrypt files

  This is caused by the fact that a running gvim has no TTY and thus gpg is
  not able to ask for the passphrase by itself. This is a problem for Windows
  and Linux versions of gvim and could not be solved unless a "terminal
  emulation" is implemented for gvim. To circumvent this you have to use any
  combination of gpg-agent and a graphical pinentry program:

    - gpg-agent only:
        you need to provide the passphrase for the needed key to gpg-agent
        in a terminal before you open files with gvim which require this key.

    - pinentry only:
        you will get a popup window every time you open a file that needs to
        be decrypted.

    - gpgagent and pinentry:
        you will get a popup window the first time you open a file that
        needs to be decrypted.
 
install details
Copy the gnupg.vim file to the $HOME/.vim/plugin directory. Refer to ':help add-plugin', ':help add-global-plugin' and ':help runtimepath' for more details about Vim plugins.

From "man 1 gpg-agent":
...
You should always add the following lines to your .bashrc or whatever initialization file is used for all shell invocations:

     GPG_TTY=`tty`
     export GPG_TTY

It is important that this environment variable always reflects the output of the tty command. For W32 systems this option is not required.
...

Most distributions provide software to ease handling of gpg and gpg-agent. Examples are keychain or seahorse.
 

rate this script Life Changing Helpful Unfulfilling 
script versions (upload new version)

Click on the package to download.

package script version date Vim version user release notes
gnupg.vim 2.5 2012-06-01 7.2 James McCoy * Ignore keys that aren't usable for encryption instead of simply ones that are expired
gnupg.vim 2.4 2012-05-31 7.2 James McCoy * Improvements when an encrypted file is being '":read" into another buffer.
** Don't wipeout the current buffer if decryption fails.
** Use the current buffer's settings for 'swapfile' and 'undofile' instead of disabling them.
* Make 'u' a no-op immediately after loading the file, just like with normal files.
* Avoid prompting for disambiguation of keys once the user has selected which one to use.
* Ignore expired keys when trying to find a matching key for an id entered in ":GPGEditRecipients"
gnupg.vim 2.3 2011-11-23 7.2 James McCoy * Resolve the filename when saving to follow symlinks.
* Add support for specifying an alternate --homedir, using the g:GPGHomedir variable
gnupg.vim 2.2 2011-08-13 7.0 James McCoy Correctly handle the different keyid-format options
gnupg.vim 2.1 2011-08-10 7.2 James McCoy Add g:GPGUsePipes variable to avoid saving unencrypted data to tempfiles (in a private directory)
gnupg.vim 2.0 2011-06-26 7.2 James McCoy Initial upload
ip used for rating: 54.234.82.216

If you have questions or remarks about this site, visit the vimonline development pages. Please use this site responsibly.
Questions about Vim should go to the maillist. Help Bram help Uganda.
   
SourceForge.net Logo