Perform GnuPG Functions Within Vim

Posted by admin on October 8, 2007 under Tech Tips | 9 Comments to Read

Performing GnuPG functions from Vim is actually pretty helpful if you work heavily with both applications on a regular basis. I was recently looking for a simple way to both word wrap and clearsign various text files within Vim, and found just what I was looking for.

1. (optional) Set the word wrap of text in Vim to a maximum text width of 70 characters. This can be done manually, or by simply adding the following text to your “~/.vimrc” file:

:set textwidth=70

2. As for the ability to clearsign, encrypt, decrypt and verify the text from within Vim, you can create command mode aliases as shortcuts for longer commands in Vim. Simply add the following to your “~/.vimrc” file:

:cmap cs %!gpg --clearsign
:cmap es %!gpg -seat
:cmap ee %!gpg -eat
:cmap de %!gpg -d

Once you save the changes to your .vimrc file, open any text file with vim, enter command mode, and type any of the shortcuts mentioned in step two; “cs” to clearsign, “es” to encrypt and sign, “ee” to encrypt with no signature, and “de” to decrypt or verify. The shortcut will display the command about to be issued, to which you can hit can enter to execute it. You will be prompted for recipients, and/or the private key passphrase depending on the function you choose.

If you are familiar with GnuPG syntax, you can change or add any of the above commands to your liking. For instance, for those of you with multiple PGP keys, you can add the “-u”option to specify which one you would like to use.

To wrap an existing unwrapped text file, simply higlight the entire message by placing the Vim cursor at the top of the file, press <shift>+V, followed by <shift>+G. This highlights all text as you will notice. While everything is highlighted, simply press “gq”. This will wrap everything according to your “textwidth” variable.

Feel free to test it out, and provide as much feedback as you like. Have fun.

Special Note:
When using the “textwidth” variable, you may find that it is useful to toggle the paste function. If you are pasting text that has a larger text width than that of which you have specified in Vim (in this case 70 characters), then your paste will automatically be word wrapped to 70.

You may not want this behavior, so the two opposing options you can set manually are:

:set paste
:set nopaste

Better yet, you can map a quick function key to toggle it on or off by adding the following to your .vimrc file:

:set pastetoggle=<F10>

To test, while in insert mode of Vim, press the F10 key, and you will notice that the mode will be clearly identified with:
"-- INSERT (paste) --"

This will allow you to paste text in it’s unwrapped form.

Be Sociable, Share!


  • blacky said,

    While this is all nice, it has a caveat: vim tends to leave around .viminfo and similar files that contain plaintext versions (or parts) of the file edited. One can take measures against that. There’s a vim script (can be found over at that takes care of all that.

    Unfortunately, it doesn’t work well if you use vim with gnupg2 and without gpg-agent. Still, it might be worth a look.

    It doesn’t replace the signing-part but it’s nice if you want to autocrypt files on you disk.

  • gmendoza said,

    Agreed. This is a common issue that people should always understand when encrypting files. Vim, as with many other applications, typically leave behind trails or copies of unencrypted data. e.g. Office applications, log files, even bash command history. Even if these files are “securely” wiped, most journaled file systems retain copies of data elsewhere on the disk, and they can be easily restored using forensic utilities. To use PGP as your only line of defense for privacy would be foolish. After all, it is just named “Pretty Good Privacy”. :-)

    Thanks for your valued input!

  • Dave said,

    Would something as simple as this added to vimrc address the .viminfo and related concerns?

    augroup encrypted
    ” First make sure nothing is written to ~/.viminfo while editing an encrypted file.
    autocmd BufReadPre,FileReadPre,BufNewFile *.gpg,*.asc set viminfo=
    ” We don’t want a swap file, as it writes unencrypted data to disk.
    autocmd BufReadPre,FileReadPre,BufNewFile *.gpg,*.asc set noswapfile
    augroup END

  • blacky said,

    I have found another plugin that will do what I used to do with vim. It has the disadvantage of not allowing asymetric encryption, so all people who edit/read the file have to know the passphrase. As I used vim mainly as a password safe, this is no problem for me. The plugin can be found here:


  • pqs said,

    Hello, for me this works only from a terminal. It doesn’t work using gvim.

    gpg: cannot open `/dev/tty’

    do you know if there is a workarround?


  • gmendoza said,

    Interestingly, I have confirmed the same behavior. It has to do with the way gvim starts (forks) with it’s own Parent PID, and that it has no TTY associated with the process.

    When launching gvim, use the -f option, either at the command line or by editing your launcher to include the variable.

    $ gvim -f

    You can see what I’m referring to by checking out the process tree. Here you can compare the PPID’s, and TTY of both gvim and vim.

    $ ps -ef | grep vim
    gmendoza 31432 1 0 08:48 ? 00:00:00 gvim
    gmendoza 31455 29799 0 08:49 pts/0 00:00:00 vim

    You can also see this with “pstree” for a nice visual.

    In my search, there were numerous references to the above error which suggested using the –batch and –no-tty options, but batch mode needs a passphrase supplied at the command line, or some other form of auth, e.g. private key, etc. Not a good solution obviously. The -f option does exactly what we need.

  • pqs said,

    Thanks, it works fine to me like this. :-)

  • Santana said,

    Hi. Good site.

  • Tyler Wagner said,

    See this awesome gpg vim script for a much better way of doing this:

Add A Comment