On 2016-09-25 13:15, Shawn H Corey wrote:
>> > I wonder how strong the builtin encryption of vim really is.
>>
>> Encryption really isn't the business of a text editor. Decrypt the
>> cipher-text, feed it to the editor, encrypt when saving, and be
>> sure to delete any temporary/backup files.
>
> It is the business of an editor when it stores temporary files.
> Those too have to be encrypted or it's all wasted effort.
Swap/temporary files should be encrypted *or not used*. I believe
one of the GPG plugins I tried disabled a number of options such as the
swap file, undo history, and persisting of registers in .viminfo so
it would read the encrypted file in, disable all the settings, pass
it through GPG to decrypt it, allow viewing/editing, then encrypt
upon writing. There's still the possibility of the OS swapping the
memory out to an unencrypted swap space, but that's an OS thing (on
OpenBSD, the swap is encrypted by default; on other OSes, you might
have to jump through some hoops).
-tim
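
The approach described in the message above, sketched as a vimrc fragment. This is an added example, not part of the original post and not the code of the plugin it mentions; the `*.gpg` file pattern and encrypting to your own default key are assumptions.

```vim
" Added example: edit *.gpg files without leaving plaintext on disk.
" Assumes gpg is on $PATH and a default key exists for encrypt-to-self.
augroup gpg_transparent
  autocmd!

  " Before the file is read: switch off everything that persists buffer
  " contents outside the encrypted file itself.
  "   viminfo=       no registers, search or command history saved
  "   noswapfile     no .swp copy of the plaintext
  "   noundofile     no persistent undo history
  "   nobackup/nowritebackup  no foo.gpg~ style copies
  "   noshelltemp    run filters through pipes, not temp files
  autocmd BufReadPre,FileReadPre *.gpg set viminfo=
  autocmd BufReadPre,FileReadPre *.gpg setlocal noswapfile noundofile
  autocmd BufReadPre,FileReadPre *.gpg set nobackup nowritebackup noshelltemp
  " Read the ciphertext as raw bytes so binary (non-armored) files survive.
  autocmd BufReadPre,FileReadPre *.gpg setlocal bin

  " After reading: replace the ciphertext in the buffer with the plaintext.
  autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2>/dev/null
  autocmd BufReadPost,FileReadPost *.gpg setlocal nobin
  " Re-run filetype detection against the name without the .gpg suffix.
  autocmd BufReadPost,FileReadPost *.gpg
        \ execute 'doautocmd BufReadPost ' . fnameescape(expand('%:r'))

  " Before writing: replace the buffer with ASCII-armored ciphertext.
  autocmd BufWritePre,FileWritePre *.gpg
        \ '[,']!gpg --default-recipient-self --armor --encrypt 2>/dev/null

  " After writing: undo the filter so the buffer shows plaintext again.
  autocmd BufWritePost,FileWritePost *.gpg silent undo
augroup END
```

With `shelltemp` left on, Vim hands the buffer to the filter through a temporary file, which would put the plaintext on disk at every save. As the message says, none of this covers the OS paging Vim's memory out to unencrypted swap.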