Manuel Wildauers blog

GPG and VIM

I like to write small notes with vim in plain files. So that not everyone walking past can read everything in them, I encrypt them with GnuPG. I used to have a small script for this that decrypted the file to /tmp, let me edit it with vim, and saved it encrypted again at the end. At some point I found a snippet for ~/.vimrc for this in the Debianforum wiki.

The following simply needs to be added to ~/.vimrc:

augroup aencrypted
	au!
	" First make sure nothing is written to ~/.viminfo while editing
	" an encrypted file.
	autocmd BufReadPre,FileReadPre          *.asc set viminfo=
	" We don't want a swap file, as it writes unencrypted data to disk
	autocmd BufReadPre,FileReadPre          *.asc set noswapfile
	" Switch to binary mode to read the encrypted file
	autocmd BufReadPre,FileReadPre          *.asc set bin
	autocmd BufReadPre,FileReadPre          *.asc let ch_save = &ch|set ch=2
	autocmd BufReadPost,FileReadPost        *.asc '[,']!sh -c "gpg --decrypt 2> /dev/null"
	" Switch to normal mode for editing
	autocmd BufReadPost,FileReadPost        *.asc set nobin
	autocmd BufReadPost,FileReadPost        *.asc let &ch = ch_save|unlet ch_save
	autocmd BufReadPost,FileReadPost        *.asc execute ":doautocmd BufReadPost " . expand("%:r")
	" Convert all text to encrypted text before writing
	autocmd BufWritePre,FileWritePre        *.asc   '[,']!sh -c "gpg --default-recipient-self -ae 2>/dev/null"
	" Undo the encryption so we are back in the normal text, directly
	" after the file has been written.
	autocmd BufWritePost,FileWritePost        *.asc   u
augroup END

augroup bencrypted
	au!
	" First make sure nothing is written to ~/.viminfo while editing
	" an encrypted file.
	autocmd BufReadPre,FileReadPre          *.gpg set viminfo=
	" We don't want a swap file, as it writes unencrypted data to disk
	autocmd BufReadPre,FileReadPre          *.gpg set noswapfile
	" Switch to binary mode to read the encrypted file
	autocmd BufReadPre,FileReadPre          *.gpg set bin
	autocmd BufReadPre,FileReadPre          *.gpg let ch_save = &ch|set ch=2
	autocmd BufReadPost,FileReadPost        *.gpg '[,']!sh -c "gpg --decrypt 2> /dev/null"
	" Switch to normal mode for editing
	autocmd BufReadPost,FileReadPost        *.gpg set nobin
	autocmd BufReadPost,FileReadPost        *.gpg let &ch = ch_save|unlet ch_save
	autocmd BufReadPost,FileReadPost        *.gpg execute ":doautocmd BufReadPost " . expand("%:r")
	" Convert all text to encrypted text before writing
	autocmd BufWritePre,FileWritePre        *.gpg   '[,']!sh -c "gpg --default-recipient-self --armor -ev 2>/dev/null"
	" Undo the encryption so we are back in the normal text, directly
	" after the file has been written.
	autocmd BufWritePost,FileWritePost        *.gpg   u
augroup END

After that you can create a new file with vim ANYFILENAME.gpg. It is encrypted when you save (:w) and decrypted when you open it.
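
A check to run over the notes directory, added here as an example and not part of the original post or the Debianforum snippet: it flags any *.asc or *.gpg file that does not start with the OpenPGP armor header (for instance a note saved by an editor that did not load these autocmds) and any Vim swap or persistent-undo file left next to a note. The function names and the undo-file check are assumptions of this example; the snippet above only disables viminfo and the swap file.

```shell
#!/bin/sh
# Added example: audit a notes directory for plaintext left behind on disk.
# Both autocmd groups write ASCII-armored output (-a / --armor), so every
# *.asc and *.gpg note should begin with the OpenPGP armor header.

ARMOR_HEADER='-----BEGIN PGP MESSAGE-----'

# is_armored FILE: succeed if the first line of FILE is the armor header.
is_armored() {
    [ "$(head -n 1 "$1" 2>/dev/null)" = "$ARMOR_HEADER" ]
}

# audit_notes DIR: print one finding per line; return 1 if anything was found.
audit_notes() {
    dir=$1
    findings=0
    for f in "$dir"/*.asc "$dir"/*.gpg; do
        [ -f "$f" ] || continue          # unmatched glob stays literal, skip it
        if ! is_armored "$f"; then
            echo "NOT-ENCRYPTED $f"
            findings=$((findings + 1))
        fi
        base=${f##*/}
        # Vim side files that hold buffer text in the clear:
        # swap files (left over after a crash) and persistent-undo files.
        for leak in "$dir/.$base.swp" "$dir/.$base.swo" "$dir/.$base.un~"; do
            if [ -e "$leak" ]; then
                echo "LEFTOVER $leak"
                findings=$((findings + 1))
            fi
        done
    done
    [ "$findings" -eq 0 ]
}

# When called with a directory argument, audit it and exit non-zero on findings.
[ "$#" -eq 0 ] || audit_notes "$1"
```

Saved as a script and called with the notes directory as its only argument, it exits non-zero when it finds something, so it can run from cron or a shell login hook.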