vim and encryption


vim and encryption

Tobias Klausmann
Hey,

I was really happy to read that newer Vims (i.e. 7.3) include
Blowfish encryption, which is markedly more secure than what vim
used to use (the pkzip thing).

I'd like to use vim to keep an encrypted file of sensitive data.
I'm aware of the implications of keyloggers, exchanged binaries
and the fact that my text file is still unencrypted in memory
(and may even go to disk if it's large enough to be swapped).

All that said, I'd still like to use it this way. What I have
been unable to accomplish is keeping vim from writing a viminfo
file. At first I tried this in vimrc:

if exists("key")
 let viminfo=""
endif

This does not work. Also, using "set noviminfo" and "let
viminfo=n/dev/null" won't work either. In all cases, my edit
commands were recallable after quitting vim and starting it
again.

What can I do? The help page doesn't mention any other variable I
could check.

Regards & TIA,
Tobias

PS: Also, the Notes section at the end of the encryption help
text probably should be changed, it currently reads:

"""
- The algorithm used is breakable.  A 4 character key in about one hour, a 6
  character key in one day (on a Pentium 133 PC).  This requires that you know
  some text that must appear in the file.  An expert can break it for any key.
  When the text has been decrypted, this also means that the key can be
  revealed, and other files encrypted with the same key can be decrypted.
- Pkzip uses the same encryption, and US Govt has no objection to its export.
  Pkzip's public file APPNOTE.TXT describes this algorithm in detail.
"""

This does not reflect the newly available Blowfish encryption. I
can write up a patch for this passage if that is desired.

--
Sent from aboard the Culture ship
        GSV (Plate Class) The Anticipation Of A New Lover's Arrival

--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

Re: vim and encryption

Nikolay Aleksandrovich Pavlov
In reply to the message "vim and encryption",
sent at 16:30:26 on Wednesday, 25 August 2010,
from Tobias Klausmann:

You forgot to add an ampersand: you should use either
    set viminfo=
or
    let &viminfo=""
. Now you are setting only global variable g:viminfo.

Message text:

> Hey,
>
> I was really happy to read that newer Vims (i.e. 7.3) include
> Blowfish encryption, which is markedly more secure than what vim
> used to use (the pkzip thing).
>
> I'd like to use vim to keep an encrypted file of sensitive data.
> I'm aware of the implications of keyloggers, exchanged binaries
> and the fact that my text file is still unencrypted in memory
> (and may even go to disk if it's large enough to be swapped).
>
> All that said, I'd still like to use it this way. What I have
> been unable to accomplish is keeping vim from writing a viminfo
> file. At first I tried this in vimrc:
>
> if exists("key")
>  let viminfo=""
> endif
>
> This does not work. Also, using "set noviminfo" and "let
> viminfo=n/dev/null" won't work either. In all cases, my edit
> commands were recallable after quitting vim and starting it
> again.
>
> What can I do? The help page doesn't mention any other variable I
> could check.
>
> Regards & TIA,
> Tobias
>
> PS: Also, the Notes section at the end of the encryption help
> text probably should be changed, it currently reads:
>
> """
> - The algorithm used is breakable.  A 4 character key in about one hour, a
> 6 character key in one day (on a Pentium 133 PC).  This requires that you
> know some text that must appear in the file.  An expert can break it for
> any key. When the text has been decrypted, this also means that the key
> can be revealed, and other files encrypted with the same key can be
> decrypted. - Pkzip uses the same encryption, and US Govt has no objection
> to its export. Pkzip's public file APPNOTE.TXT describes this algorithm in
> detail. """
>
> This does not reflect the newly available Blowfish encryption. I
> can write up a patch for this passage if that is desired.


Re: vim and encryption

Tobias Klausmann
Hi!

On Wed, 25 Aug 2010, ZyX wrote:

> On Wed, 25 Aug 2010, Tobias Klausmann wrote:
> > All that said, I'd still like to use it this way. What I have
> > been unable to accomplish is keeping vim from writing a viminfo
> > file. At first I tried this in vimrc:
> >
> > if exists("key")
> >  let viminfo=""
> > endif
> >
> > This does not work. Also, using "set noviminfo" and "let
> > viminfo=n/dev/null" won't work either. In all cases, my edit
> > commands were recallable after quitting vim and starting it
> > again.
> You forgot to add an ampersand: you should use either
>     set viminfo=
> or
>     let &viminfo=""
> . Now you are setting only global variable g:viminfo.

Done that, no luck though: apparently, checking for the existence
of "key" does not work - the variable's contents is "hidden" as
the help text explains. Unfortunately, this also means that
exists() doesn't see it in this case. Thus, I need another way of
detecting that vim is in encryption mode.

Any ideas?

Regards,
Tobias


--
Sent from aboard the Culture ship
        GSV (Plate Class) The Anticipation Of A New Lover's Arrival


Re: vim and encryption

Andrei Popescu-3
In reply to this post by Tobias Klausmann
On Wed, 25 Aug 10, 14:30:26, Tobias Klausmann wrote:

> Hey,
>
> I was really happy to read that newer Vims (i.e. 7.3) include
> Blowfish encryption, which is markedly more secure than what vim
> used to use (the pkzip thing).
>
> I'd like to use vim to keep an encrypted file of sensitive data.
> I'm aware of the implications of keyloggers, exchanged binaries
> and the fact that my text file is still unencrypted in memory
> (and may even go to disk if it's large enough to be swapped).
Have a look at the gnupg plugin ;)

Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


Re: vim and encryption

Nikolay Aleksandrovich Pavlov
In reply to this post by Tobias Klausmann
In reply to the message "Re: vim and encryption",
sent at 22:08:06 on Wednesday, 25 August 2010,
from Tobias Klausmann:

1. All options either exist in current vim session or not. This cannot be
changed.
2. ``echo exists("&key")'' echoes 1 as expected. ``exists("key")'' is a check
for either global or local to function variable ``key'', not for an option.
3. You can check for availability of encryption with ``has("cryptv")''. But this
will not let you check whether file is encrypted.
4. What you want is probably ``if !empty(&key)''. My vim echoes five stars when
I set key and nothing when key is empty. Though five stars are not your
password, but they are definitely not an empty string, so empty(&key) will
return 0 if key is not set.

Message text:

> Hi!
>
> On Wed, 25 Aug 2010, ZyX wrote:
> > On Wed, 25 Aug 2010, Tobias Klausmann wrote:
> > > All that said, I'd still like to use it this way. What I have
> > > been unable to accomplish is keeping vim from writing a viminfo
> > > file. At first I tried this in vimrc:
> > >
> > > if exists("key")
> > >
> > >  let viminfo=""
> > >
> > > endif
> > >
> > > This does not work. Also, using "set noviminfo" and "let
> > > viminfo=n/dev/null" won't work either. In all cases, my edit
> > > commands were recallable after quitting vim and starting it
> > > again.
> >
> > You forgot to add an ampersand: you should use either
> >
> >     set viminfo=
> >
> > or
> >
> >     let &viminfo=""
> >
> > . Now you are setting only global variable g:viminfo.
>
> Done that, no luck though: apparently, checking for the existence
> of "key" does not work - the variable's contents is "hidden" as
> the help text explains. Unfortunately, this also means that
> exists() doesn't see it in this case. Thus, I need another way of
> detecting that vim is in encryption mode.
>
> Any ideas?
>
> Regards,
> Tobias


Re: vim and encryption

Nikolay Aleksandrovich Pavlov
In reply to the message "Re: vim and encryption",
sent at 22:21:29 on Thursday, 26 August 2010,
from ZyX:

Sorry, !empty(&key) will return 0 if key is not set.

Message text:

> In reply to the message "Re: vim and encryption",
> sent at 22:08:06 on Wednesday, 25 August 2010,
> from Tobias Klausmann:
>
> 1. All options either exist in current vim session or not. This cannot be
> changed.
> 2. ``echo exists("&key")'' echoes 1 as expected. ``exists("key")'' is a
> check for either global or local to function variable ``key'', not for an
> option. 3. You can check for availability of encryption with
> ``has("cryptv")''. But this will not let you check whether file is
> encrypted.
> 4. What you want is probably ``if !empty(&key)''. My vim echoes five stars
> when I set key and nothing when key is empty. Though five stars are not
> your password, but they are definitely not an empty string, so empty(&key)
> will return 0 if key is not set.
>
> Message text:
> > Hi!
> >
> > On Wed, 25 Aug 2010, ZyX wrote:
> > > On Wed, 25 Aug 2010, Tobias Klausmann wrote:
> > > > All that said, I'd still like to use it this way. What I have
> > > > been unable to accomplish is keeping vim from writing a viminfo
> > > > file. At first I tried this in vimrc:
> > > >
> > > > if exists("key")
> > > >
> > > >  let viminfo=""
> > > >
> > > > endif
> > > >
> > > > This does not work. Also, using "set noviminfo" and "let
> > > > viminfo=n/dev/null" won't work either. In all cases, my edit
> > > > commands were recallable after quitting vim and starting it
> > > > again.
> > >
> > > You forgot to add an ampersand: you should use either
> > >
> > >     set viminfo=
> > >
> > > or
> > >
> > >     let &viminfo=""
> > >
> > > . Now you are setting only global variable g:viminfo.
> >
> > Done that, no luck though: apparently, checking for the existence
> > of "key" does not work - the variable's contents is "hidden" as
> > the help text explains. Unfortunately, this also means that
> > exists() doesn't see it in this case. Thus, I need another way of
> > detecting that vim is in encryption mode.
> >
> > Any ideas?
> >
> > Regards,
> > Tobias


Re: vim and encryption

Tobias Klausmann
Hi!

On Thu, 26 Aug 2010, ZyX wrote:

> Message text:
> > In reply to the message "Re: vim and encryption",
> > sent at 22:08:06 on Wednesday, 25 August 2010,
> > from Tobias Klausmann:
> >
> > 1. All options either exist in current vim session or not. This cannot be
> > changed.
> > 2. ``echo exists("&key")'' echoes 1 as expected. ``exists("key")'' is a
> > check for either global or local to function variable ``key'', not for an
> > option. 3. You can check for availability of encryption with
> > ``has("cryptv")''. But this will not let you check whether file is
> > encrypted.
> > 4. What you want is probably ``if !empty(&key)''. My vim echoes five stars
> > when I set key and nothing when key is empty. Though five stars are not
> > your password, but they are definitely not an empty string, so empty(&key)
> > will return 0 if key is not set.
> >
> Sorry, !empty(&key) will return 0 if key is not set.

Thanks! That works the way I wanted it to.

Regards,
Tobias

--
Sent from aboard the Culture ship
        LOU (Killer Class) Attitude Adjuster

Re: vim and encryption

Tobias Klausmann
In reply to this post by Andrei Popescu-3
Hi!

On Thu, 26 Aug 2010, Andrei Popescu wrote:
> > I'd like to use vim to keep an encrypted file of sensitive data.
> > I'm aware of the implications of keyloggers, exchanged binaries
> > and the fact that my text file is still unencrypted in memory
> > (and may even go to disk if it's large enough to be swapped).
>
> Have a look at the gnupg plugin ;)

When I was still using GnuPG 1.x, I used that plugin and I liked
it very much. Unfortunately, GnuPG 2.x wants to employ an
external program to ask for the passphrase (usually pinentry).
Since I most often use this encrypted-file functionality
remotely, I can't use pinentry-qt or -gtk, having to rely on
pinentry-curses. But if I want to use that in conjunction with
the GnuPG plugin, pinentry and vim start fighting over the
terminal and it either doesn't work at all or my passphrase is
echoed back to me. I tried finding a solution for this a few
years back (when I switched to GnuPG 2.x) but never found one.
And no, using gpg-agent is not an option (for sundry other
reasons).

Regards,
Tobias

--
Sent from aboard the Culture ship
        LOU (Killer Class) Attitude Adjuster

Re: vim and encryption

Andy Wokula
In reply to this post by Tobias Klausmann
On 25.08.2010 14:30, Tobias Klausmann wrote:
 > Hey,
 >
 > I was really happy to read that newer Vims (i.e. 7.3) include
 > Blowfish encryption, which is markedly more secure than what vim
 > used to use (the pkzip thing).
 >
 > I'd like to use vim to keep an encrypted file of sensitive data.
 > I'm aware of the implications of keyloggers, exchanged binaries
 > and the fact that my text file is still unencrypted in memory
 > (and may even go to disk if it's large enough to be swapped).
 >
 > All that said, I'd still like to use it this way. What I have
 > been unable to accomplish is keeping vim from writing a viminfo
 > file.

Not mentioned yet: you can start vim with argument "-i NONE".
     :h -i

For example, I use it when starting a clean vim:
     gvim.exe -N -u NONE -i NONE
This way the history in the viminfo file is not cut to the default
number of entries.

--
Andy

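The pieces from this thread (the `&viminfo` option rather than a variable, and the `empty(&key)` test) combined into one vimrc fragment. This is an added example, not code posted by anyone in the thread; the augroup and function names are made up, and turning off swap, backup and undo files as well goes beyond the viminfo question asked here.

```vim
" Added example: keep plaintext traces of keyed buffers off the disk.
" s:CryptHygiene and crypt_hygiene are hypothetical names.

function! s:CryptHygiene() abort
  " &key reads back as a masked placeholder rather than the passphrase,
  " but it is non-empty exactly when a key is set for this buffer.
  if empty(&key)
    return
  endif

  " 'viminfo' is a global option: once cleared, nothing from this session
  " (command history, registers, marks) is written to the viminfo file.
  set viminfo=

  " No backup copies next to the file on write.
  set nobackup nowritebackup

  " No swap file for this buffer.
  setlocal noswapfile

  " 'undofile' was introduced in Vim 7.3; guard for older builds.
  if exists('+undofile')
    setlocal noundofile
  endif
endfunction

if has('cryptv')
  augroup crypt_hygiene
    autocmd!
    " A plain if in vimrc is evaluated once at startup. The autocmd
    " repeats the test for every file read, including files opened
    " later in the same session.
    autocmd BufReadPost * call s:CryptHygiene()
  augroup END
endif
```

A key set later with `:X` in an already loaded buffer does not trigger `BufReadPost`; starting Vim with `-i NONE`, as mentioned above, covers the viminfo part regardless of when the key is set.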