jamessan / vim-gnupg

This script implements transparent editing of gpg encrypted files.
http://www.vim.org/scripts/script.php?script_id=3645

contents of main buffer are parsed as recipients #104

Closed ThomasAH closed 4 years ago

ThomasAH commented 5 years ago

As indicated in other issues, I had problems with git master, which did not exist in v2.6.1. I just tested again with 6219a5a0d70dbc10c5e70289a2c400d6d8b62762 and found the following:

  1. vim test.gpg
  2. if the file already existed, use :GPGEditRecipients to open the recipients list
  3. close the recipients list (optionally add or remove recipients)
  4. change the text of the main buffer to just com (or anything else that has multiple matches in your keyring), optionally add additional lines with org, debian (or whatever has multiple matches in your keyring)
  5. save the file

Now, for each line of the main buffer that matches multiple keys in your keyring, gnupg.vim asks to select the correct recipient. (The file does not get encrypted to these recipients, though.)

leahneukirchen commented 4 years ago

This still happens on 2.7. Luckily the lines are shell escaped, but this leaks secrets to other users of the system that use ps or top.
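
The exposure described in the comment above, as an added example that is not part of the issue thread or the plugin's code: text placed on a child process's command line shows up in the process listing, while the same text sent over a pipe does not. The secret value, the child command and all function names are constructed for illustration; it assumes a system with /proc or a POSIX `ps`.

```python
import subprocess
import sys
from pathlib import Path

# Constructed sample: stands in for a buffer line that contains a secret.
SECRET_LINE = "constructed-secret-line-104"

# Child that waits until its stdin is closed, like a tool waiting for input.
WAIT = "import sys; sys.stdin.read()"


def visible_args(pid):
    """Return the command line of `pid` as the process listing exposes it."""
    proc = Path(f"/proc/{pid}/cmdline")
    if proc.exists():  # Linux: the same data ps and top display
        return proc.read_bytes().replace(b"\0", b" ").decode(errors="replace")
    out = subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                         capture_output=True, text=True, check=True)
    return out.stdout


def observe(extra_args, stdin_data):
    """Start the child, snapshot its visible command line, then let it exit."""
    child = subprocess.Popen([sys.executable, "-c", WAIT, *extra_args],
                             stdin=subprocess.PIPE)
    try:
        child.stdin.write(stdin_data.encode())
        child.stdin.flush()
        return visible_args(child.pid)
    finally:
        child.stdin.close()
        child.wait()


def leaked_via_argv():
    # Line handed over as a command-line argument: part of the process listing.
    return SECRET_LINE in observe([SECRET_LINE], "")


def leaked_via_stdin():
    # Same line handed over on a pipe: not part of the process listing.
    return SECRET_LINE in observe([], SECRET_LINE + "\n")


if __name__ == "__main__":
    print("argv :", leaked_via_argv())
    print("stdin:", leaked_via_stdin())
```

Shell escaping changes how the text is parsed, not whether it appears in the argument vector, which is why the escaped lines are still readable in `ps`.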

jamessan commented 4 years ago

I think I see what's going on. I should have a fixed version out today or tomorrow. I'll ping you on the PR to verify it fixes your uses.