Print (decrypt) a vim encrypted file

Solution 1:

Have a look at the open-source vimdecrypt :

Command line tool for decrypting vim-blowfish-encrypted files.

As of version 7.3 vim offers strong built in blowfish encryption/decryption, which for certain purposes is more convenient than filtering through gnupg. Unfortunately the resulting files can only be read back by vim which makes it hard to use them in batch processing or scripting. Also longevity of encrypted data is a concern if a program with the dependencies and size of vim is required to unlock it.

Vimdecrypt lifts two relevant files from the vim source, blowfish.c and sha256.c, and interfaces them in a simple command line tool. Data is read from a file, decrypted data is written to stdout.

vimdecrypt path_to_data

The password is obtained via GNU getpass which does not interfere with stdin/stdout redirection.

Vim's configure system is entirely stripped away which might have broken support for other platforms than the 32 bit i386 linux it was developed on. Since the two relevant files are taken from the vim project unmodified it should be trivial to restore support on other platforms by fixing the vim.h header.

Solution 2:

This is not an elegant solution---it is quick and dirty---but it does work on single files and you can use it as a shell script.

It's a sequence of three commands which perform the following:

  1. Open file in vim (read only mode): vim -R
  2. Save the file in plaintext and quit: -c ":set key= | sav ${filename}.plain | q
  3. Cat the plaintext file: cat ${filename}.plain
  4. (Optionally) delete the plaintext file: rm ${filename}.plain

In the end you can have a script that also passes the password to the vim command. As a simple script it would be:

filename=$1
password=$2

vim -R -c ":set key= | sav ${filename}.plain | q" -- ${filename} <<< $password && cat ${filename}.plain && rm ${filename}.plain

where the first argument is the filename and the second is the password.

Of course, there are several things you should keep in mind:

  • Make sure you're not overwriting existing files which happen to have the name ${filename}.plain.
  • The password will appear on the command line and be saved in history. If you want to be prompted for a password every time, remove the <<< $password part.