Vim and GnuPG with the GnuPG vim-plugin

Last edited: $Date: 2019/01/11 19:38:31 $

The Vim  editor can be enhanced  with a plethora of  plugins. One of
those  plugins  is  the  gnupg.vim plugin.  This  plugin  implements
transparent editing of GnuPG encrypted files.

The Vim  plugin can be  used to create and  edit files to  be shared
with others ("recipients").

Although  this  plugin is  very  versatile,  it  is often  used  for
transparent editing of local files that are for the eyes of the user
only and will not be  shared, but are protected against unauthorised
access by the use of strong encryption.

One  use  case that  comes  to  mind is  to  create  a solution  for
maintaining  a password  database. This  is a  flat file  containing
information on usernames, passwords and the places to use these. But
of  course  it can  be  used  for  any  file that  needs  additional
protection by strong encryption.

## Loading of the plugin

The plugin  consists of a single  file, "gnupg.vim", that has  to be
copied to the $HOME/.vim/plugin/ directory.

The  documentation of  this plugin  is quite  sparse, it  is in  the
plugin file,

## Adoption in .vimrc

The use of this plugin requires some extra lines in the .vimrc file:

   let g:GPGPreferArmor=1
   let g:GPGDefaultRecipients=["[email protected]"]

The first line  makes sure that encrypted files are  saved in the so
called ascii-armor format. This means  that these files are safe for
email and other solutions that require pure ASCII.

The second line is  ment to be used for files  that are encrypted to
one's own key.  Here we set the default recipient.  So if you choose
your own key here,  the files will be encrypted for  your own key by

## Usage

### Pre-encrypted file

Own of the most simple uses is to open a ascii-armored file, like:

   vim myfile.asc

You  are  prompted  to  enter the  passphrase  for  the  appropriate
GnuPG-key (unless  gpg-agent will do this  for you) and the  file is
decrypted on the  fly. The decripted version will be  opened in your
Vim-buffer. After editing  the file, you close it  with the standard
:wq command. The  file will now first be encrypted  for the same key
it was previous  encrypted for and the ascii-armored  version of the
encrypted file will be saved to disk.

### Editing a new file

The simplest way to create a  new, GnuPG encrypted file is to create
a file with Vim with the .gpg extension:

   vim myfile.gpg

Vim opens with  two buffers, one empty buffer for  your new file and
another to  enter the recipients  for your file. The  recipients are
the keys you want  to encrypt the file for. As  you have stated your
own key in your .vimrc-file, this  default key will be shown in this
buffer.  Just close  this buffer  with :q  is enough  to choose  the
default recipient.

Now you can add  content to the empty buffer and  save with :wq. The
contents  will  be  encrypted  prior  to  be  written  to  the  file
myfile.gpg. If you like to, you can rename this file to myfile.asc.

$Id: vimgpg.txt,v 1.1 2019/01/11 19:38:31 matto Exp matto $