Manuel Wildauers blog

GPG and VIM

#vim #gnupg #privacy Share on Twitter

I like to write small notes in simple files with vim. Sometimes I want to encrypt these files, so that not everyone can everything read in there. I was looking for a solution and found this.

augroup aencrypted
	au!
	" First make sure nothing is written to ~/.viminfo while editing
	" an encrypted file.
	autocmd BufReadPre,FileReadPre          *.asc set viminfo=
	" We don't want a swap file, as it writes unencrypted data to disk
	autocmd BufReadPre,FileReadPre          *.asc set noswapfile
	" Switch to binary mode to read the encrypted file
	autocmd BufReadPre,FileReadPre          *.asc set bin
	autocmd BufReadPre,FileReadPre          *.asc let ch_save = &ch|set ch=2
	autocmd BufReadPost,FileReadPost        *.asc '[,']!sh -c "gpg --decrypt 2> /dev/null"
	" Switch to normal mode for editing
	autocmd BufReadPost,FileReadPost        *.asc set nobin
	autocmd BufReadPost,FileReadPost        *.asc let &ch = ch_save|unlet ch_save
	autocmd BufReadPost,FileReadPost        *.asc execute ":doautocmd BufReadPost " . expand("%:r")
	" Convert all text to encrypted text before writing
	autocmd BufWritePre,FileWritePre        *.asc   '[,']!sh -c "gpg --default-recipient-self -ae 2>/dev/null"
	" Undo the encryption so we are back in the normal text, directly
	" after the file has been written.
	autocmd BufWritePost,FileWritePost        *.asc   u
augroup END

augroup bencrypted
	au!
	" First make sure nothing is written to ~/.viminfo while editing
	" an encrypted file.
	autocmd BufReadPre,FileReadPre          *.gpg set viminfo=
	" We don't want a swap file, as it writes unencrypted data to disk
	autocmd BufReadPre,FileReadPre          *.gpg set noswapfile
	" Switch to binary mode to read the encrypted file
	autocmd BufReadPre,FileReadPre          *.gpg set bin
	autocmd BufReadPre,FileReadPre          *.gpg let ch_save = &ch|set ch=2
	autocmd BufReadPost,FileReadPost        *.gpg '[,']!sh -c "gpg --decrypt 2> /dev/null"
	" Switch to normal mode for editing
	autocmd BufReadPost,FileReadPost        *.gpg set nobin
	autocmd BufReadPost,FileReadPost        *.gpg let &ch = ch_save|unlet ch_save
	autocmd BufReadPost,FileReadPost        *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
	" Convert all text to encrypted text before writing
	autocmd BufWritePre,FileWritePre        *.gpg   '[,']!sh -c "gpg --default-recipient-self --armor -ev 2>/dev/null"
	" Undo the encryption so we are back in the normal text, directly
	" after the file has been written.
	autocmd BufWritePost,FileWritePost        *.gpg   u
augroup END

Then you can create a new file with vim YOURNOTE.gpg. This will be encrypted when saving and decrypt when opened.