Quickly Encrypting Blocks of Text in Vim
Keeping your notes in a public GitHub repo is a good way to share useful
information. But, there are probably a few things that you’d like to keep
encrypted for various reasons. Here’s how to leverage GPG and vim’s !
command
(which lets you call external programs) to encrypt blocks of text without
encrypting entire files.
TL;DR
This assumes you have gpg
installed and on your path.
To encrypt: select the plaintext with V
, press :
, and then enter the command !gpg -ca
. You will be prompted to set a password.
To decrypt: select the PGP message with V
, press :
, and then enter the command !gpg -qd
. Enter in the password you set when encrypting.
Encrypting
Select the text you’d like to encrypt in visual mode. (for example, select the
lines using V
).
Then, type :
to being entering a command, and !gpg -ca
. The c
flag
instructs gpg to use symmetric, passphrase based encryption, and running this
command will prompt you for a password. The a
flag adds ‘ascii armor’ to
the encrypted text, so that the original plaintext will be replaced with this:
1 | -----BEGIN PGP MESSAGE----- |
Decrypting
To decrypt, select the ‘armored’ block of text in visual mode, type :
and
enter the command !gpg -qd
, as above. The d
flag will decrypt the
visually selected text, and will prompt you for a password. The q
flag
prevents various other info from being printed. Enter the password you entered
when encrypting, and the ‘armored’ PGP message will be replaced by your original
plaintext!
Using Key
If you don’t want to keep typing passwords to encrypt/decrypt files, you can use your PGP key.
This assumes that you’ve already generated a keypair.
In order to avoid repeatedly specifying yourself as the recipient of the
‘message’, set yourself as the ‘default recipient’ by adding the following to
~/.gnupg/gpg.conf
:
1 | default-recipient <yourkeyid> |
<yourkeyid>
can be found with gpg --list-keys
, it’s the eight-character
value after the /
in the second column.
Then, everything works the same, except that you encrypt the text
using !gpg -ae
instead of !gpg -ca
. Decryption will work automatically with
!gpg -qd
.
Keep in mind that you now need to make sure that you don’t lose your private key!
More
Ways to improve this functionality:
- create mappings to eliminate keystrokes
- use the built-in vim blowfish encryption
- automatically encrypt/decrypt all armored PGP blocks in a file with the same passphrase