Vim Content Encryption

Michael's Site About Martial Arts Aikido Jinenkan Tatsumaki Dojo Projects Security My Toolkit GitHub Links Encryption Configuring Vim for Content Encryption By MichaelMarch 4, 2021 [Originally posted on my WordPress site.]

It is possible to save the content of a Vim session as an encrypted file, simply by using the ':X' command and setting a password. The problem is the default encryption mode is considered weak - PkZip is a stream cipher that XORs the password with the file content, and the first Blowfish implementation for Vim can have repeating bytes in the ciphertext (see ':help cryptmethod'). Using the default mode, we get the following message:

Warning: Using a weak encryption method; see :help 'cm'

Changing the Encryption Mode Blowfish2 is an improved and recommended option, but it should be noted that older installations of Vim cannot decrypt a Blowfish2-encrypted file. Blowfish2 can be set as the encryption mode using the following commands:

:setlocal cm=blowfish2 Or :set cryptmethod=blowfish2

To set the encryption mode in the configuration file, add the following lines to /etc/vim/vimrc:

set cm=blowfish2 set viminfo= set nobackup set nowritebackup

This should set the default cipher to Blowfish2, and prevent any background writes of the plaintext to the hard disk.

This article was updated on September 4, 2021

Encryption Security Software Michael Michael PREVIOUS POST Vim as a Developer Environment NEXT POST Base Camp Journal: Tenby © 2020 Powered by Publii Static CMS About Martial Arts Projects Security My Toolkit GitHub Links