vim-gnupg

This script implements transparent editing of gpg encrypted files. The filename must have a .gpg, .pgp or .asc suffix. When opening such a file the content is decrypted, when opening a new file the script will ask for the recipients of the encrypted file. The file content will be encrypted to all recipients before it is written. The script turns off viminfo, swapfile, and undofile to increase security.

Installation

Use your favorite plugin manager.

For manual installation, use either pathogen (for old Vim versions) or Vim's packages.

pathogen

Clone or unpack into $HOME/.vim/bundle

Vim package

Clone or unpack into $HOME/.vim/pack/gnupg/start/

GPG Agent

From man 1 gpg-agent:

You should always add the following lines to your .bashrc or whatever initialization file is used for all shell invocations:
GPG_TTY=`tty`
export GPG_TTY
It is important that this environment variable always reflects the output of the tty command. For W32 systems this option is not required.

Most distributions provide software to ease handling of gpg and gpg-agent. Examples are keychain or seahorse.

Reacting to opening an encrypted file

If there are specific actions that should take place when editing a GnuPG-managed buffer, an autocmd for the User event and GnuPG pattern can be defined. For example, the following will set textwidth to 72 for all GnuPG-encrypted buffers:

autocmd User GnuPG setl textwidth=72

This will be triggered before any BufRead or BufNewFile autocmds, and therefore will not take precedence over settings specific to any filetype that may get set.

Known Issues

In some cases gvim can't decrypt files.

This is caused by the fact that a running gvim has no TTY and thus gpg is not able to ask for the passphrase by itself. This is a problem for Windows and Linux versions of gvim and could not be solved unless a "terminal emulation" is implemented for gvim. To circumvent this you have to use any combination of gpg-agent and a graphical pinentry program:

gpg-agent only: you need to provide the passphrase for the needed key to gpg-agent in a terminal before you open files with gvim which require this key.
pinentry only: you will get a popup window every time you open a file that needs to be decrypted.
gpgagent and pinentry: you will get a popup window the first time you open a file that needs to be decrypted.

Credits

Mathieu Clabaut for inspirations through his vimspell.vim script.
Richard Bronosky for patch to enable .pgp suffix.
Erik Remmelzwaal for patch to enable windows support and patient beta testing.
Lars Becker for patch to make gpg2 working.
Thomas Arendsen Hein for patch to convert encoding of gpg output.
Karl-Heinz Ruskowski for patch to fix unknown recipients and trust model and patient beta testing.
Giel van Schijndel for patch to get GPG_TTY dynamically.
Sebastian Luettich for patch to fix issue with symmetric encryption an set recipients.
Tim Swast for patch to generate signed files.
James Vega for patches for better *.asc handling, better filename escaping and better handling of multiple keyrings.

License

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

jamessan / vim-gnupg

readme