tGpg is a Vim plugin for encrypting files with gpg.
This plugin currently can do the following:
- encrypt symmetrically
- encrypt asymmetrically
- clearsign buffer contents
I couldn't get any of the existing gpg plugins to work properly (Windows GVim & Cygwin gpg) and do all the things I wanted it to do, so I wrote this one. The main purpose is to perform symmetric encryption (the default) but it's flexible enough to also do clearsigning and asymmetric encryption. Depending on your version of gpg, this script could also be used as some kind of password safe.
You can set g:tgpgMode or b:tgpgMode to 'encrypt' to switch to asymmetric encryption as the default. You can also control the use of symmetric and asymmetric encryption by setting g:tgpgPattern_symmetric and g:tgpgPattern_encrypt.
This plugin passes the passphrase on the command line to the gpg program. So, it could be possible that somebody makes the passphrase show up in some command log. Under some circumstances it could also be possible that some info (e.g., the recipients) is logged in your viminfo file. If you clearsign a message, the plain text will be written to disk. I.e., if you clearsign a gpg encrypted message, the text will temporarily be written to disk as plain text -- please keep in mind the vast range of possible consequences.
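The command-line exposure described above can be checked on your own system. The following is an added example, not code from the plugin: it starts a stand-in child process (a small Python one-liner, not gpg) once with a constructed passphrase in its arguments and once with the passphrase written to its stdin, and returns what the process listing shows in each case. The page does not show the plugin's actual gpg command line; `--passphrase` and `--passphrase-fd` are gpg option names used here only as argument labels, and the function names are assumptions.

```python
import os
import subprocess
import sys

SECRET = "constructed-sample-passphrase"  # constructed value, not a real secret
# Stand-in for gpg (assumption): blocks on stdin so it stays alive while inspected.
CHILD = "import sys; sys.stdin.readline()"


def visible_cmdline(pid):
    """Return the command line of `pid` as the OS exposes it to process listings."""
    proc_file = f"/proc/{pid}/cmdline"
    if os.path.exists(proc_file):  # Linux procfs, NUL-separated argv
        with open(proc_file, "rb") as fh:
            return fh.read().replace(b"\0", b" ").decode().strip()
    # Fallback for systems without procfs
    out = subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


def observe(extra_args, stdin_data):
    """Start the stand-in child, capture its visible command line, then let it exit."""
    child = subprocess.Popen([sys.executable, "-c", CHILD, *extra_args],
                             stdin=subprocess.PIPE)
    try:
        return visible_cmdline(child.pid)
    finally:
        child.communicate(stdin_data)  # unblocks readline() and reaps the child


def passphrase_in_argv(secret):
    # Passphrase as an argument: part of argv for the life of the process.
    return observe(["--passphrase", secret], b"\n")


def passphrase_on_stdin(secret):
    # Passphrase written to the child's stdin: argv names only the descriptor.
    return observe(["--passphrase-fd", "0"], secret.encode() + b"\n")


if __name__ == "__main__":
    print("argv :", passphrase_in_argv(SECRET))
    print("stdin:", passphrase_on_stdin(SECRET))
```

Anything that records process arguments (process listings, shell history, audit logging of executed commands) sees the first form in full, which is the risk the paragraph above describes.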
This plugin uses the (Buf|File)(Read|Write)Cmd autocommand events to write/read the file. I'm not sure how this works out with other plugins using these events.
As I don't like typing passphrases, this plugin caches all the passphrases entered in a script local variable. This means that passphrases are likely to be written to the swapfile, from where somebody somehow could possibly do something ... Set g:tgpgCachePW to 1 (buffer-wise caching only) or 0 (no caching) to change this.
If you get a message telling you about gpg command line options instead of the decrypted file, please check the value of g:tgpgShellQuote.
If writing fails, it's possible that you end up with a corrupted or empty file. That's why we make backups by default. Set g:tgpgBackup to 0 to change this.
Copy to ~/.vim/plugin/ or similar.
This plugin currently is somewhat experimental. Don't blame me if you end up with a file you can't decrypt anymore.
What's New in This Release:
· Reset cached passwords after g:tgpg_timeout seconds without access
· If g:tgpg_gpg_md5_sum is set, check gpg's checksum via g:tgpg_gpg_md5_check before doing anything.
· The gpg program must be configured via g:tgpg_gpg_cmd.
· Make sure certain options (e.g., verbosefile, verbose) are set to predefined values during read/write, see g:tgpg_options.
· Reset registers when unloading the buffer (this should prevent information copied to the clipboard from being written to the viminfo file; as it may have unintended consequences, you can turn it off by setting g:tgpg_registers to '')
· randomized replacement tables for encryption