Encrypting Files Using vim editor in Linux

Vim, the popular text editor comes with a built-in feature to encrypt files with a password. Vim uses algorithms like Blowfish to encrypt files. It is faster and convenient than some other utilities available to do so.

To get started, all you need is a system with a full version of vim installed. Some Linux distributions are shipped with a minimal version of vim which doesn’t support file encryption and shows error message “Sorry, the command is not available for this version” if we try to encrypt it. There are two different ways to encrypt a file.

First method is to create a new file with encryption turned on by default type,

$ vim -x filename

That will create a new file and open a prompt to enter encryption key. Enter your key twice and press enter. Now, whatever we type in this file will be encrypted on saving and reading this file will require the key every time we try to open it with any text editors.

To encrypt an existing file, open the file with vim and press “ESC” key to enter into the command mode, then type command :X to get a prompt to enter the key. type your key twice and press enter. That’s it, the file is protected now. Note that vim commands are case sensitive and hence :X and :x carries a different meaning.

Second method to do the same is to type :set key="mykey" in the command mode. However, it is not recommended because the entered key might be visible in ~/.viminfo file, which contains your history of vim commands. Next time, whenever we try to open that file, vim will ask for the key. Entering the correct key will display content.

The file will still open even if we try to open it in some other editor except vim or provide incorrect or no key, but the content will not be in a readable format. It will show something like,

The details at the bottom content show the encryption algorithm used, which is blowfish in our case.

Changing/ Removing key: Changing or removing encryption is very easy. Just open the file and get a key prompt by typing :X and enter your new key. To remove protection from file, do not enter anything and press Enter twice by keeping space empty.

Now as we know the trick, we are ready to lock all the files containing confidential information. But wait, is this method a reliable one? Shall we use it? Well, that depends. Though the blowfish algorithm works very well, using vim for encryption might be problematic because there are no restrictions on writing to file even if it is encrypted.

Consider a scenario, where you create an encrypted file and store some important data into it. Now, next time while opening it, you accidentally entered incorrect key. So, what vim will do is display some text, not in a readable format. To go back and retry, instead of :q if you type :wq by mistake, vim will overwrite the file by replacing displayed text, not in a readable format with the original text. In such cases, data might not be recovered.