Comments on: Perform GnuPG Functions Within Vim http://www.savvyadmin.com/perform-gnupg-functions-within-vim/ For savvy admins everywhere... Fri, 21 Nov 2008 21:17:48 +0000 http://wordpress.org/?v=2.6.3 By: pqs http://www.savvyadmin.com/perform-gnupg-functions-within-vim/#comment-89 pqs Mon, 17 Mar 2008 10:53:42 +0000 http://www.savvyadmin.com/2007/10/08/perform-gnupg-functions-within-vim/#comment-89 Thanks, it works fine to me like this. :-) Thanks, it works fine to me like this. :-)

]]> By: gmendoza http://www.savvyadmin.com/perform-gnupg-functions-within-vim/#comment-77 gmendoza Tue, 19 Feb 2008 17:08:27 +0000 http://www.savvyadmin.com/2007/10/08/perform-gnupg-functions-within-vim/#comment-77 Interestingly, I have confirmed the same behavior. It has to do with the way gvim starts (forks) with it's own Parent PID, and that it has no TTY associated with the process. When launching gvim, use the -f option, either at the command line or by editing your launcher to include the variable. <code>$ gvim -f</code> You can see what I'm referring to by checking out the process tree. Here you can compare the PPID's, and TTY of both gvim and vim. <code>$ ps -ef | grep vim UID PID PPID C STIME TTY TIME CMD gmendoza 31432 1 0 08:48 ? 00:00:00 gvim gmendoza 31455 29799 0 08:49 pts/0 00:00:00 vim</code> You can also see this with "pstree" for a nice visual. In my search, there were numerous references to the above error which suggested using the --batch and --no-tty options, but batch mode needs a passphrase supplied at the command line, or some other form of auth, e.g. private key, etc. Not a good solution obviously. The -f option does exactly what we need. Interestingly, I have confirmed the same behavior. It has to do with the way gvim starts (forks) with it’s own Parent PID, and that it has no TTY associated with the process.

When launching gvim, use the -f option, either at the command line or by editing your launcher to include the variable.

$ gvim -f

You can see what I’m referring to by checking out the process tree. Here you can compare the PPID’s, and TTY of both gvim and vim.

$ ps -ef | grep vim
UID PID PPID C STIME TTY TIME CMD
gmendoza 31432 1 0 08:48 ? 00:00:00 gvim
gmendoza 31455 29799 0 08:49 pts/0 00:00:00 vim

You can also see this with “pstree” for a nice visual.

In my search, there were numerous references to the above error which suggested using the –batch and –no-tty options, but batch mode needs a passphrase supplied at the command line, or some other form of auth, e.g. private key, etc. Not a good solution obviously. The -f option does exactly what we need.

]]> By: pqs http://www.savvyadmin.com/perform-gnupg-functions-within-vim/#comment-76 pqs Tue, 19 Feb 2008 09:12:41 +0000 http://www.savvyadmin.com/2007/10/08/perform-gnupg-functions-within-vim/#comment-76 Hello, for me this works only from a terminal. It doesn't work using gvim. gpg: cannot open `/dev/tty' do you know if there is a workarround? thanks Hello, for me this works only from a terminal. It doesn’t work using gvim.

gpg: cannot open `/dev/tty’

do you know if there is a workarround?

thanks

]]> By: blacky http://www.savvyadmin.com/perform-gnupg-functions-within-vim/#comment-75 blacky Fri, 15 Feb 2008 19:28:28 +0000 http://www.savvyadmin.com/2007/10/08/perform-gnupg-functions-within-vim/#comment-75 I have found another plugin that will do what I used to do with vim. It has the disadvantage of not allowing asymetric encryption, so all people who edit/read the file have to know the passphrase. As I used vim mainly as a password safe, this is no problem for me. The plugin can be found here: <a href="http://www.noah.org/wiki/Password_Safe_with_Vim_and_OpenSSL" rel="nofollow">openssl.vim</a> I have found another plugin that will do what I used to do with vim. It has the disadvantage of not allowing asymetric encryption, so all people who edit/read the file have to know the passphrase. As I used vim mainly as a password safe, this is no problem for me. The plugin can be found here:

openssl.vim

]]> By: Dave http://www.savvyadmin.com/perform-gnupg-functions-within-vim/#comment-70 Dave Wed, 06 Feb 2008 04:43:23 +0000 http://www.savvyadmin.com/2007/10/08/perform-gnupg-functions-within-vim/#comment-70 Would something as simple as this added to vimrc address the .viminfo and related concerns? augroup encrypted au! " First make sure nothing is written to ~/.viminfo while editing an encrypted file. autocmd BufReadPre,FileReadPre,BufNewFile *.gpg,*.asc set viminfo= " We don't want a swap file, as it writes unencrypted data to disk. autocmd BufReadPre,FileReadPre,BufNewFile *.gpg,*.asc set noswapfile augroup END Would something as simple as this added to vimrc address the .viminfo and related concerns?

augroup encrypted
au!
” First make sure nothing is written to ~/.viminfo while editing an encrypted file.
autocmd BufReadPre,FileReadPre,BufNewFile *.gpg,*.asc set viminfo=
” We don’t want a swap file, as it writes unencrypted data to disk.
autocmd BufReadPre,FileReadPre,BufNewFile *.gpg,*.asc set noswapfile
augroup END

]]> By: gmendoza http://www.savvyadmin.com/perform-gnupg-functions-within-vim/#comment-65 gmendoza Fri, 28 Dec 2007 17:09:16 +0000 http://www.savvyadmin.com/2007/10/08/perform-gnupg-functions-within-vim/#comment-65 Agreed. This is a common issue that people should always understand when encrypting files. Vim, as with many other applications, typically leave behind trails or copies of unencrypted data. e.g. Office applications, log files, even bash command history. Even if these files are "securely" wiped, most journaled file systems retain copies of data elsewhere on the disk, and they can be easily restored using forensic utilities. To use PGP as your only line of defense for privacy would be foolish. After all, it is just named "Pretty Good Privacy". :-) Thanks for your valued input! Agreed. This is a common issue that people should always understand when encrypting files. Vim, as with many other applications, typically leave behind trails or copies of unencrypted data. e.g. Office applications, log files, even bash command history. Even if these files are “securely” wiped, most journaled file systems retain copies of data elsewhere on the disk, and they can be easily restored using forensic utilities. To use PGP as your only line of defense for privacy would be foolish. After all, it is just named “Pretty Good Privacy”. :-)

Thanks for your valued input!

]]> By: blacky http://www.savvyadmin.com/perform-gnupg-functions-within-vim/#comment-62 blacky Fri, 28 Dec 2007 10:44:08 +0000 http://www.savvyadmin.com/2007/10/08/perform-gnupg-functions-within-vim/#comment-62 While this is all nice, it has a caveat: vim tends to leave around .viminfo and similar files that contain plaintext versions (or parts) of the file edited. One can take measures against that. There's a vim script (can be found over at vim.org) that takes care of all that. Unfortunately, it doesn't work well if you use vim with gnupg2 and without gpg-agent. Still, it might be worth a look. It doesn't replace the signing-part but it's nice if you want to autocrypt files on you disk. While this is all nice, it has a caveat: vim tends to leave around .viminfo and similar files that contain plaintext versions (or parts) of the file edited. One can take measures against that. There’s a vim script (can be found over at vim.org) that takes care of all that.

Unfortunately, it doesn’t work well if you use vim with gnupg2 and without gpg-agent. Still, it might be worth a look.

It doesn’t replace the signing-part but it’s nice if you want to autocrypt files on you disk.

]]>