Vim and GnuPG with the GnuPG vim-plugin

The Vim editor can be enhanced with a plethora of plugins. One of those plugins is the gnupg.vim plugin. This plugin implements transparent editing of GnuPG encrypted files.

The Vim plugin can be used to create and edit files to be shared with others ("recipients").

Although this plugin is very versatile, it is often used for transparent editing of local files that are for the eyes of the user only and will not be shared, but are protected against unauthorised access by the use of strong encryption.

One use case that comes to mind is to create a solution for maintaining a password database. This is a flat file containing information on usernames, passwords and the places to use these. But of course it can be used for any file that needs additional protection by strong encryption.

Loading of the plugin

The plugin consists of a single file, "gnupg.vim", that has to be copied to the $HOME/.vim/plugin/ directory.

The documentation of this plugin is quite sparse; it is in the plugin file.

Adoption in .vimrc

The use of this plugin requires some extra lines in the .vimrc file:

let g:GPGPreferArmor=1
let g:GPGDefaultRecipients=[""]

The first line makes sure that encrypted files are saved in the so-called ASCII-armor format. This means that these files are safe for email and other solutions that require pure ASCII.

The second line is meant to be used for files that are encrypted to one's own key. Here we set the default recipient. So if you choose your own key here, the files will be encrypted for your own key by default.


Pre-encrypted file

One of the simplest uses is to open an ASCII-armored file, like:

vim myfile.asc

You are prompted to enter the passphrase for the appropriate GnuPG key (unless gpg-agent will do this for you) and the file is decrypted on the fly. The decrypted version will be opened in your Vim buffer. After editing the file, you close it with the standard :wq command. The file will now first be encrypted for the same key it was previously encrypted for and the ASCII-armored version of the encrypted file will be saved to disk.

Editing a new file

The simplest way to create a new, GnuPG encrypted file is to create a file with Vim with the .gpg extension:

vim myfile.gpg

Vim opens with two buffers, one empty buffer for your new file and another to enter the recipients for your file. The recipients are the keys you want to encrypt the file for. As you have stated your own key in your .vimrc file, this default key will be shown in this buffer. Closing this buffer with :q is enough to choose the default recipient.

Now you can add content to the empty buffer and save with :wq. The contents will be encrypted prior to being written to the file myfile.gpg. If you like, you can rename this file to myfile.asc.
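
A check that complements the workflow above, as an added example that is not part of the original page or of the plugin: if gnupg.vim is not loaded, Vim writes myfile.gpg as ordinary plaintext, so this script flags .gpg and .asc files that do not start with an OpenPGP message header. The function names are hypothetical, and the binary test is a heuristic on the first byte only; it does not decrypt or verify anything.

```shell
#!/bin/sh
# Added example (not from the plugin): find files that carry an
# encrypted-file extension but do not look like OpenPGP messages.

# Print one of: empty, binary, armored, unencrypted.
classify_gpg_file() {
    f=$1
    [ -s "$f" ] || { echo empty; return 0; }
    # Binary OpenPGP data: bit 7 of the first packet-header octet is
    # always set. Heuristic: plaintext that starts with a non-ASCII
    # character would also pass this test.
    first=$(od -An -tu1 -N1 "$f" | tr -d ' \n')
    if [ "$first" -ge 128 ]; then
        echo binary
        return 0
    fi
    # ASCII armor: the first line is the armor header line.
    if [ "$(head -n 1 "$f" | tr -d '\r')" = "-----BEGIN PGP MESSAGE-----" ]; then
        echo armored
    else
        echo unencrypted
    fi
}

# List every *.gpg / *.asc file below directory $1 that has content
# but no OpenPGP message header, one path per line.
find_unencrypted() {
    find "$1" -type f \( -name '*.gpg' -o -name '*.asc' \) |
    while IFS= read -r f; do
        case $(classify_gpg_file "$f") in
            unencrypted) printf '%s\n' "$f" ;;
        esac
    done
}

# Stand-alone use: pass the directory to scan as the first argument.
if [ "$#" -gt 0 ]; then
    find_unencrypted "$1"
fi
```

A .asc file holding an armored public key or a detached signature is also reported, since it is not an encrypted message.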