gnupg.vim : Plugin for transparent editing of gpg encrypted files.
| script karma
Downloaded by 9289
Comments, bugs, improvements
script versions (upload new version)
|This script implements transparent editing of gpg encrypted files. The filename must have a ".gpg", ".pgp" or ".asc" suffix. When opening such a file the content is decrypted, when opening a new file the script will ask for the recipients of the encrypted file. The file content will be encrypted to all recipients before it is written. The script turns off viminfo and swapfile to increase security.
This is a continuation of the work initially done by Markus Braun in vimscript #661. Development takes place at https://github.com/jamessan/vim-gnupg.
Opens a scratch buffer to change the list of recipients. Recipients that
are unknown (not in your public key) are highlighted and have
a prepended "!". Closing the buffer makes the changes permanent.
Prints the list of recipients.
Opens a scratch buffer to change the options for encryption (symmetric,
asymmetric, signing). Closing the buffer makes the changes permanent.
WARNING: There is no check of the entered options, so you need to know
what you are doing.
Prints the list of options.
If set used as gpg executable, otherwise the system chooses what is run
when "gpg" is called. Defaults to "gpg".
If set to 0 a possible available gpg-agent won't be used. Defaults to 1.
If set to 1 symmetric encryption is preferred for new files. Defaults to 0.
If set to 1 armored data is preferred for new files. Defaults to 0.
If set to 1 signed data is preferred for new files. Defaults to 0.
If set, these recipients are used as defaults when no other recipient is
defined. This variable is a Vim list. Default is unset.
If set, these contents are loaded into the recipients dialog. This
allows to add commented lines with possible recipients to the list,
which can be uncommented to select the actual recipients. Default is
\"Example User <firstname.lastname@example.org>",
\"Other User <email@example.com>"
If set to 1, use pipes instead of temporary files when interacting with
gnupg. When set to 1, this can cause terminal-based gpg agents to not
display correctly when prompting for passwords. Defaults to 0.
If set, specifies the directory that will be used for GPG's homedir. This
corresponds to gpg's --homedir option. This variable is a Vim string.
Default is unset.
In some cases gvim can't decrypt files
This is caused by the fact that a running gvim has no TTY and thus gpg is
not able to ask for the passphrase by itself. This is a problem for Windows
and Linux versions of gvim and could not be solved unless a "terminal
emulation" is implemented for gvim. To circumvent this you have to use any
combination of gpg-agent and a graphical pinentry program:
- gpg-agent only:
you need to provide the passphrase for the needed key to gpg-agent
in a terminal before you open files with gvim which require this key.
- pinentry only:
you will get a popup window every time you open a file that needs to
- gpgagent and pinentry:
you will get a popup window the first time you open a file that
needs to be decrypted.
|Copy the gnupg.vim file to the $HOME/.vim/plugin directory. Refer to ':help add-plugin', ':help add-global-plugin' and ':help runtimepath' for more details about Vim plugins.
From "man 1 gpg-agent":
You should always add the following lines to your .bashrc or whatever initialization file is used for all shell invocations:
It is important that this environment variable always reflects the output of the tty command. For W32 systems this option is not required.
Most distributions provide software to ease handling of gpg and gpg-agent. Examples are keychain or seahorse.
Click on the package to download.
ip used for rating:
||* Preserve &readonly setting even if the file itself isn't read-only (e.g., using "vim -R" or ":view")
* Let Vim detect file encoding and file format when opening the file
* Remove unnecessary (and potentially damaging) changing of &encoding when reading/writing the encrypted file
* Avoid adding extra blank lines to buffer when loading unencrypted files
* Set &buftype='acwrite' to ensure encrypted buffers are only saved via the plugin's BufWriteCmd
* Add support for Gpg4win so the plugin can be used under cygwin
* Better mimic Vim's behavior when using ":saveas" or ":w newfile", and leave the original buffer modified
* Improve handling of options and recipients buffers to avoid one triggering the other
* Check for the standard armor header, rather than inspecting gpg's output to determine if a file is armored
||* Improved support for GPG 2.x
* New g:GPGPossibleRecipients option to pre-populate the recipients list
* New g:GPGFilePattern option to define which files will be handled by the plugin
* Work around interactions between Vim and gpg/pinentry that caused special keys (e.g., arrows) to stop being recognized in Vim
* Trigger FileWritePre/Post before/after saving a portion of a buffer
* Trigger BufReadPre/FileReadPre before reading encrypted files
* The buffer is now marked readonly if the source file does not have write permissions
||* Ignore keys that aren't usable for encryption instead of simply ones that are expired
||* Improvements when an encrypted file is being '":read" into another buffer.
** Don't wipeout the current buffer if decryption fails.
** Use the current buffer's settings for 'swapfile' and 'undofile' instead of disabling them.
* Make 'u' a no-op immediately after loading the file, just like with normal files.
* Avoid prompting for disambiguation of keys once the user has selected which one to use.
* Ignore expired keys when trying to find a matching key for an id entered in ":GPGEditRecipients"
||* Resolve the filename when saving to follow symlinks.
* Add support for specifying an alternate --homedir, using the g:GPGHomedir variable
||Correctly handle the different keyid-format options
||Add g:GPGUsePipes variable to avoid saving unencrypted data to tempfiles (in a private directory)