nppcrypt files get encrypted AFTER they have been saved UNENCRYPTED

[dinkumoil]

Description

When nppcrypt files (automatic encoding when saved, automatic decoding when loaded) are saved, they are written in unencrypted form to user's hard disk. Encryption only takes place after providing a password. If the password dialog is cancelled the file remains unencrypted.

Applies to

NppCrypt v1.0.1.6 BETA (2019/02/21)

[jeanpaulrichter]

hi, thanks for your feedback. this is indeed kind of a problem, but let me explain the reason why it is not easily solved: before a file is saved notepad++ notfies all plugins (via the NPPN_FILEBEFORESAVE message), but if the user chose "save as" it is at this stage impossible for the plugin to determine the filename (and therefore if it is a nppcrypt-file). for this reason nppcrypt atm uses the message NPPN_FILESAVED to check for nppcrypt-files, then encrypts and resaves. i know this is far from ideal. maybe it is indeed better just to accept that "save as" won't work for nppcrypt files. what do you think? please note also that if you use the auto-backup feature of notepad++ plugins are (as far as i know) not notified at all when files are saved as an automatic backup :/

[dinkumoil]

Yes, I was facing the same problem when I developed my AutoCodepage plugin (automatic character encoding switching based on file extension). I decided to specify that my plugin helps only when working with already existing files. That means it gets not invoked when doing "Save as...".

IMHO in the case of your plugin security concerns should have more priority than ease of use. Thus I think it would be better to hook the NPPN_FILEBEFORESAVE event, check the file extension and trigger encryption if required.

If a user wants to create a file for encryption he has to create it in Windows Explorer via right-click menu, rename it to xxx.nppcrypt and finally load it into Notepad++.

Concerning the automatic backup feature of Notepad++ - maybe you should warn users in the manual of your plugin and recommend to turn off automatic backup when working with files intended for encryption.

[jeanpaulrichter]

i more or less agree. the beta downloads should be updated to reflect the changes. it's still not perfect of course (a plugin cannot cancel a save i think), but i hope it's an improvement.

[dinkumoil]

Thank you for this fix!