Open iggu opened 1 year ago
Good suggestion! Thanks! I should also make the key derivation algorithm (-md option) into a g:something variable and pass it to the python stuff.
fixed with https://github.com/MoserMichael/vimcrypt2/commit/f25531242325c3057566b1c6e34e67427fad7518 also put up a new version on vim.org
Many thanks. You helped a lot.
For some reason I cannot make it work in my neovim setup
global variables are not set from config.lua
and even if I set them manually - on file open I have an error
COULD NOT DECRYPT USING EXPRESSION: 0,$!openssl enc -aes-256-cbc -d -salt -pass fd:7 -md sha256
maybe this is because my files are encrypted with the command
openssl aes-256-cbc -salt -pbkdf2 -md sha256 -in "$in" -out "$out"
and there also need to be an option for 'pbkdf2' (whatever it is)?
(this command line I took from SixArms openssl encrypt/decrypt best settings advice)
but adding pbkdf2 to g:addopt doesn't help either
but running this command
openssl enc -aes-256-cbc -d -salt -in test.aes -md sha256 -pbkdf2
manually from the console works well
try putting the option into g:vimcrypt2_addopt instead of g:addopt, g:vimcrypt2_addopt is passed as is to the openssl command line - when decrypting and encrypting. If you are on the mac: check if there is a difference between libressl and openssl, OSX comes with libressl installed, and brew puts the real openssl into another place.
I should make "openssl" into another option, so it is possible to change the path to the openssl command. (default is to take it from the path)
I am on ubuntu 22.04, with neovim 0.8
Well, it doesn't work though
The command printed is: openssl enc -aes-256-cbc -d -salt -pass fd:7 -md sha256 -pbkdf2
The almost same command openssl enc -aes-256-cbc -d -salt -md sha256 -pbkdf2 -in file.aes
launched in the terminal works fine.
Ok, bad luck. Don't have time to investigate it anymore.
Thanks for your help.
and yes, if I create file.aes from scratch within vim and try to save it for the first time - it doesn't work either
-pass fd:7 is only set by the plugin when it is running. I am passing the data via a pipe (to avoid writing it into some temporary file)
cat file.aes | openssl enc -aes-256-cbc -d -salt -md sha256 -pbkdf2
works fine
it is almost the same command as vim launches, and it works
this is kind of magic, and cannot be explained :-)
I have debugged the plugin a little.
Well, if I pass -pass pass:{key} instead of -pass fd:{read_file.fileno()} to the openssl command in the run_enc_dec(action) function (with action === "read") - I can open the test file.
So the problem is in the master_key<=>key logic, which I do not understand and so cannot fix.
Changing the action === "write" logic in the same way makes the plugin functional, with the capability to read/write encrypted files (but I still have problems with encrypting new files).
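Added example, not part of the thread and not the plugin's code: passing the passphrase to openssl through `-pass fd:N` on a pipe, as opposed to `-pass pass:KEY`, which puts the key on the command line where other local users can read it from the process list. The function names and sample values are constructed for illustration; it assumes an `openssl` binary with `-pbkdf2` support on the PATH.

```python
import os
import subprocess

def build_argv(decrypt, pass_fd, extra_opts=("-pbkdf2",)):
    """openssl enc command line that reads the passphrase from an inherited fd."""
    argv = ["openssl", "enc", "-aes-256-cbc"]
    if decrypt:
        argv.append("-d")
    # fd:N keeps the secret off argv; pass:KEY would be visible in `ps` output.
    argv += ["-salt", "-pass", f"fd:{pass_fd}", "-md", "sha256", *extra_opts]
    return argv

def run_openssl(data, passphrase, decrypt):
    """Pipe `data` through openssl; the passphrase travels on a private pipe."""
    read_fd, write_fd = os.pipe()
    try:
        # openssl reads the first line from the fd; a short passphrase fits
        # in the pipe buffer, so this write does not block.
        os.write(write_fd, passphrase.encode() + b"\n")
        os.close(write_fd)
        write_fd = -1
        # subprocess closes every fd above 2 in the child by default, so the
        # pipe must be listed in pass_fds or openssl cannot open fd:N.
        proc = subprocess.run(build_argv(decrypt, read_fd), input=data,
                              stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                              pass_fds=(read_fd,))
    finally:
        os.close(read_fd)
        if write_fd != -1:
            os.close(write_fd)
    if proc.returncode != 0:
        raise RuntimeError(proc.stderr.decode(errors="replace"))
    return proc.stdout

if __name__ == "__main__":
    secret = "constructed-passphrase"        # constructed sample value
    plaintext = b"constructed sample text\n"  # constructed sample value
    ciphertext = run_openssl(plaintext, secret, decrypt=False)
    print("header:", ciphertext[:8])
    print("roundtrip ok:", run_openssl(ciphertext, secret, decrypt=True) == plaintext)
```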
It works on a mac, on my machine. What operating system are you working with?
And what output do you have for the following command? openssl version
(will check it on the same environment in docker)
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) Ubuntu 22.04.2 LTS
Maybe the problem is that I am using neovim?
How did you install neovim? (want to reproduce)
well, I am not very experienced with neovim. I am currently using LunarVim bundle with minor tweaks for my everyday activities. There I just added 'MoserMichael/vimcrypt2' into the plugins list in the config.lua file, installed it - and that's all.
Actually for now I cannot provide you the exact config lines since I gave up on running vimcrypt2 in my setup. I did all I could, and failed :-(
But you can easily install it in docker: https://www.lunarvim.org/docs/installation https://www.lunarvim.org/docs/configuration/plugins/user-plugins
There were some issues with this plugin's global vars - but they also can be solved via: https://www.lunarvim.org/docs/configuration/options
Good luck! Would be nice if you find time for this bug since your plugin is very useful. But maybe it'll be simpler to rewrite it totally in lua, I don't know.
As you mentioned in the docs: "aes-256-ecb instead of aes-256-cbc" But I would like to use 'cbc' not 'ecb', and actually there can be reasons to choose another method. Can you please make it configurable via some 'g:' var?