
Using encrypted documents with vim

[Category: System (Linux) | Posted by: 店小二03 | Date: 2016 | Author: 红领巾]
Encrypting files with vim

Everyone has secrets. Or at least some data you don’t want to show others, right? Vim is a common editor on Linux systems, and it has an option to create and use encrypted files. We will look at how to configure and use this encryption capability.

Encryption is the process of transforming data so that others can no longer read it. The idea is that you still can, so when we speak about encryption, we can’t ignore decryption. This also means that we need a good cryptographic algorithm. This way we can store our original file as an encrypted version. Then, when we need the data again later, we can decrypt it.

Note that the implementation of encryption in vim is suitable for personal use. If you want to protect intellectual property, trade secrets, or even more sensitive data, consider other options. We will discuss these later.

Configure vim

To use encryption, we first need the right support in the vim installation. Secondly, some configuration is required to activate the right settings and to do so securely.

Cryptv support

No cryptography magic will happen if we don’t have the right support. We need the cryptv support compiled into vim.

vim --version

The output lists version details and compiled-in features. Search for +cryptv in the output.


Blowfish2 support

Your version needs to be at least 7.4 with patch level 401. If your Linux distribution ships an older version, you can only use ‘blowfish’. The blowfish implementation in vim is flawed, resulting in weakened encryption. This makes it possible to crack the first 64 bytes of the file and possibly more.

Set encryption method

We start by setting the encryption method we want to use.

:set cryptmethod=blowfish2

Tip: you can also use cm as an abbreviated version.

Disable backups

While editing your files you do not want to leak any sensitive data. The purpose of backup files is to keep a copy of your data, which is not what you want in this case. Disable the creation of these files.

Do not make a backup

:set nobackup

Do not write to a temporary file first

:set nowritebackup

If you still prefer to have some backup files, you could enforce writing temporary files in directories you control and clean those out at your convenience. This way you still have the backup, with slightly more control over where any sensitive data may be located.

:set backupdir=~/vimtmp,.

:set directory=~/vimtmp,.

Another tweak that still allows backup files is to disable them for specific directories:

:set backupskip=/tmp/*,/private/tmp/*

Disable viminfo

The viminfo file also maintains information about your vim sessions. As this may contain sensitive data, disable the file if you don’t want to take any risk of leaking data.

:set viminfo=

Disable swap

The creation of swap files (.swp) can be disabled as well.

:set noswapfile

If you want to reuse these settings, simply add them to your ~/.vimrc file. For example:

set cryptmethod=blowfish2

set nobackup

set nowritebackup

set viminfo=

With these settings in place, we can start using the encryption options vim has to offer.

Enable encryption of a file

Start vim with the -x option.

vim -x mynewfile.txt

For a file that is already open, use the :X command and vim will ask you for an encryption key. This key is used to encrypt the data, so that others (without the key) can’t read it.



After saving (with :w ) the file is stored on disk. You can validate that the data is encrypted by using the file command.



When opening up the file you will be asked for your encryption key. If that matches the one you provided before, the file is editable again.
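
The check with the file command can be scripted. The following is an added example, not part of the original article: it reads the header Vim writes at the start of an encrypted file and flags files that are unencrypted or were saved with a method weaker than blowfish2. The header strings are Vim's file magic (the article does not list them), the function names are made up for this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): classify files by the
# 12-byte ASCII magic Vim writes at the start of an encrypted file.
#   VimCrypt~01! = zip   VimCrypt~02! = blowfish   VimCrypt~03! = blowfish2

# vimcrypt_method FILE -> prints zip | blowfish | blowfish2 | unknown | none
vimcrypt_method() {
    # Read only the header; strip NULs so binary files do not upset the shell.
    magic=$(head -c 12 -- "$1" 2>/dev/null | tr -d '\000')
    case $magic in
        'VimCrypt~01!') echo zip ;;
        'VimCrypt~02!') echo blowfish ;;
        'VimCrypt~03!') echo blowfish2 ;;
        'VimCrypt~'*)   echo unknown ;;   # a method this script does not know
        *)              echo none ;;      # plaintext, empty or unreadable
    esac
}

# vimcrypt_audit FILE... -> one line per file; returns 1 unless every file
# carries the blowfish2 header.
vimcrypt_audit() {
    audit_rc=0
    for f in "$@"; do
        m=$(vimcrypt_method "$f")
        case $m in
            blowfish2)    echo "OK    $f ($m)" ;;
            zip|blowfish) echo "WEAK  $f ($m): re-save with cryptmethod=blowfish2"
                          audit_rc=1 ;;
            unknown)      echo "CHECK $f (unrecognized VimCrypt header)"; audit_rc=1 ;;
            none)         echo "PLAIN $f (no VimCrypt header)"; audit_rc=1 ;;
        esac
    done
    return "$audit_rc"
}

# Dry run on constructed samples (header bytes plus filler, not real ciphertext).
vimcrypt_demo() {
    d=$(mktemp -d) || return 1
    printf 'VimCrypt~03!filler' > "$d/new.txt"
    printf 'VimCrypt~02!filler' > "$d/old.txt"
    printf 'plain notes\n'      > "$d/plain.txt"
    demo_rc=0
    vimcrypt_audit "$d/new.txt" "$d/old.txt" "$d/plain.txt" || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

# With arguments, audit those files; with none, run the dry run.
if [ "$#" -gt 0 ]; then vimcrypt_audit "$@"; else vimcrypt_demo || true; fi
```

A header only shows which method was used to save the file; it says nothing about the strength of the key you chose.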
