Diffstat (limited to 'runtime/doc/editing.txt')
-rw-r--r-- | runtime/doc/editing.txt | 123 |
1 files changed, 6 insertions, 117 deletions
diff --git a/runtime/doc/editing.txt b/runtime/doc/editing.txt index e4867e7a90..eeb4cde628 100644 --- a/runtime/doc/editing.txt +++ b/runtime/doc/editing.txt @@ -550,10 +550,6 @@ Before editing binary, executable or Vim script files you should set the option. This will avoid the use of 'fileformat'. Without this you risk that single <NL> characters are unexpectedly replaced with <CR><NL>. -You can encrypt files that are written by setting the 'key' option. This -provides some security against others reading your files. |encryption| - - ============================================================================== 3. The argument list *argument-list* *arglist* 
@@ -1356,119 +1352,12 @@ There are a few things to remember when editing binary files: ============================================================================== 9. Encryption *encryption* -Vim is able to write files encrypted, and read them back. The encrypted text -cannot be read without the right key. -{only available when compiled with the |+cryptv| feature} *E833* - -The text in the swap file and the undo file is also encrypted. *E843* -However, this is done block-by-block and may reduce the time needed to crack a -password. You can disable the swap file, but then a crash will cause you to -lose your work. The undo file can be disabled without much disadvantage. > - :set noundofile - :noswapfile edit secrets - -Note: The text in memory is not encrypted. A system administrator may be able -to see your text while you are editing it. When filtering text with -":!filter" or using ":w !command" the text is not encrypted, this may reveal -it to others. The 'viminfo' file is not encrypted. - -WARNING: If you make a typo when entering the key and then write the file and -exit, the text will be lost! - -The normal way to work with encryption, is to use the ":X" command, which will -ask you to enter a key. A following write command will use that key to -encrypt the file. If you later edit the same file, Vim will ask you to enter -a key. If you type the same key as that was used for writing, the text will -be readable again. If you use a wrong key, it will be a mess. - - *:X* -:X Prompt for an encryption key. The typing is done without showing the - actual text, so that someone looking at the display won't see it. - The typed key is stored in the 'key' option, which is used to encrypt - the file when it is written. The file will remain unchanged until you - write it. See also |-x|. - -The value of the 'key' options is used when text is written. When the option -is not empty, the written file will be encrypted, using the value as the -encryption key. 
A magic number is prepended, so that Vim can recognize that -the file is encrypted. - -To disable the encryption, reset the 'key' option to an empty value: > - :set key= - -You can use the 'cryptmethod' option to select the type of encryption, use one -of these two: > - :setlocal cm=zip " weak method, backwards compatible - :setlocal cm=blowfish " strong method -Do this before writing the file. When reading an encrypted file it will be -set automatically to the method used when that file was written. You can -change 'cryptmethod' before writing that file to change the method. -To set the default method, used for new files, use one of these in your -|vimrc| file: > - set cm=zip - set cm=blowfish -The message given for reading and writing a file will show "[crypted]" when -using zip, "[blowfish]" when using blowfish. - -When writing an undo file, the same key and method will be used for the text -in the undo file. |persistent-undo|. - - *E817* *E818* *E819* *E820* -When encryption does not work properly, you would be able to write your text -to a file and never be able to read it back. Therefore a test is performed to -check if the encryption works as expected. If you get one of these errors -don't write the file encrypted! You need to rebuild the Vim binary to fix -this. - -*E831* This is an internal error, "cannot happen". If you can reproduce it, -please report to the developers. - -When reading a file that has been encrypted and the 'key' option is not empty, -it will be used for decryption. If the value is empty, you will be prompted -to enter the key. If you don't enter a key, or you enter the wrong key, the -file is edited without being decrypted. There is no warning about using the -wrong key (this makes brute force methods to find the key more difficult). - -If want to start reading a file that uses a different key, set the 'key' -option to an empty string, so that Vim will prompt for a new one. 
Don't use -the ":set" command to enter the value, other people can read the command over -your shoulder. - -Since the value of the 'key' option is supposed to be a secret, its value can -never be viewed. You should not set this option in a vimrc file. - -An encrypted file can be recognized by the "file" command, if you add these -lines to "/etc/magic", "/usr/share/misc/magic" or wherever your system has the -"magic" file: > - 0 string VimCrypt~ Vim encrypted file - >9 string 01 - "zip" cryptmethod - >9 string 02 - "blowfish" cryptmethod - - -Notes: -- Encryption is not possible when doing conversion with 'charconvert'. -- Text you copy or delete goes to the numbered registers. The registers can - be saved in the .viminfo file, where they could be read. Change your - 'viminfo' option to be safe. -- Someone can type commands in Vim when you walk away for a moment, he should - not be able to get the key. -- If you make a typing mistake when entering the key, you might not be able to - get your text back! -- If you type the key with a ":set key=value" command, it can be kept in the - history, showing the 'key' value in a viminfo file. -- There is never 100% safety. The encryption in Vim has not been tested for - robustness. -- The algorithm used for 'cryptmethod' "zip" is breakable. A 4 character key - in about one hour, a 6 character key in one day (on a Pentium 133 PC). This - requires that you know some text that must appear in the file. An expert - can break it for any key. When the text has been decrypted, this also means - that the key can be revealed, and other files encrypted with the same key - can be decrypted. -- Pkzip uses the same encryption as 'cryptmethod' "zip", and US Govt has no - objection to its export. Pkzip's public file APPNOTE.TXT describes this - algorithm in detail. -- Vim originates from the Netherlands. That is where the sources come from. - Thus the encryption code is not exported from the USA. 
+ *:X* *E817* *E818* *E819* *E820* +Support for editing encrypted files has been removed, but may be added back in +the future. See the following discussions for more information: + + https://github.com/neovim/neovim/issues/694 + https://github.com/neovim/neovim/issues/701 ============================================================================== 10. Timestamps *timestamp* *timestamps* |
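Review bot: Both blank lines ahead of the "====" rule are deleted in the @@ -550,10 +550,6 @@ hunk along with the 'key' paragraph, so the paragraph ending "replaced with <CR><NL>." now sits directly against the separator for "3. The argument list". Keep one of the two blank lines so the section break stays set off from the preceding text. The diffstat shown is limited to runtime/doc/editing.txt, so it is also worth confirming that no other help file still tells readers to set 'key' to protect a file.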
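Review bot: The stub added in the @@ -1356,119 +1352,12 @@ hunk keeps the *:X* and *E817* to *E820* tags but drops *E833*, *E843* and *E831*, which were defined in the removed text, so any remaining |E833|, |E843| or |E831| link, or a ":help" lookup on those codes, will no longer resolve. Either carry those tags on the stub line as well or confirm the corresponding error messages are gone from the source. The stub also gives no guidance to someone who already has an encrypted file: the removed text says such a file starts with the "VimCrypt~" magic and that a file read without the right key "is edited without being decrypted", with no warning. One sentence stating that files beginning with "VimCrypt~" cannot be decrypted by this build, and should not be edited and written back as they are, would keep the security-relevant part of the old section.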