Encrypt and password protect files using vim

VIM is a great text editor with innumerable features and options. In this article I discuss a security feature of VIM that lets us encrypt the files we are editing, making them impossible for other users to read, even with root access.

Create new encrypted file.

To create, encrypt and password protect a file, open it in VIM using the -x option.

VIM will ask for an encryption key and will encrypt the content when you save the file.

Encrypt existing file.

To encrypt an existing file, use the :X command inside VIM.

1 Open the file in VIM.

2 Press :, type X and press Enter.

3 VIM will ask for an encryption key.

4 Input the encryption key and then save the file.

Changing encryption algorithm.

From version 7.3, Vim supports Blowfish encryption as well as the default pkzip-compatible method. Starting at 7.4.399, a new blowfish method is available to fix security problems in the original.

Use one of the following to query or set the encryption method before writing the file:

cm is an abbreviation for cryptmethod. Pkzip is a weak encryption method, but is compatible with Vim 7.2 and older; Blowfish is strong, especially using the fixed “blowfish2” method.

To change the encryption algorithm in VIM version 7.3 and later, use the setlocal VIM command.

1 Open the file in VIM.

2 Input the encryption key to decrypt it.

3 Press the Esc key if you are in insert mode, then press : and type setlocal cm? to get the list of supported encryption methods, and use :setlocal cm=ENCRYPTION_METHOD to change it. For example, :setlocal cm=blowfish will change the encryption method to blowfish.

Please note that the algorithms VIM provides are not as strong as third-party tools such as PGP or GPG, as noted in the VIM help page:

The algorithm used is breakable. A 4 character key in about one hour, a 6 character key in one day (on a Pentium 133 PC). This requires that you know some text that must appear in the file. An expert can break it for any key. When the text has been decrypted, this also means that the key can be revealed, and other files encrypted with the same key can be decrypted.
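
To check which cryptmethod files already on disk were written with, without opening them or knowing the key, you can read the header Vim puts at the start of an encrypted file. The script below is an added example, not part of the original article: the magic strings are Vim's own file-format values rather than something this page lists, the ratings follow the article's description of each method, and the sample files and function names are constructed for illustration.

```python
import os
import tempfile

# First 12 bytes Vim writes to an encrypted file, per cryptmethod.
# Ratings follow the article: zip is weak, the original blowfish has
# security problems, blowfish2 is the fixed method.
MAGIC_LEN = 12
METHODS = {
    b"VimCrypt~01!": ("zip", "weak"),
    b"VimCrypt~02!": ("blowfish", "flawed"),
    b"VimCrypt~03!": ("blowfish2", "preferred"),
}

def classify(path):
    """Return (cryptmethod, rating) from the file header, without a key."""
    with open(path, "rb") as fh:
        head = fh.read(MAGIC_LEN)
    if head in METHODS:
        return METHODS[head]
    if head.startswith(b"VimCrypt~"):
        return ("unknown", "review")  # method id not in the table above
    return ("none", "not encrypted by Vim")

def audit(paths):
    """Map each path that is not written with blowfish2 to its finding."""
    findings = {}
    for path in paths:
        method, rating = classify(path)
        if rating != "preferred":
            findings[path] = (method, rating)
    return findings

def make_samples(directory):
    """Write constructed sample files: real magic, dummy bytes after it."""
    samples = {
        "old.txt": b"VimCrypt~01!" + b"\x00" * 16,
        "mid.txt": b"VimCrypt~02!" + b"\x00" * 32,
        "new.txt": b"VimCrypt~03!" + b"\x00" * 32,
        "plain.txt": b"not encrypted\n",
    }
    paths = []
    for name, data in samples.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, finding in audit(make_samples(tmp)).items():
            print(os.path.basename(path), *finding)
```

Files reported as zip or blowfish can be re-saved after :setlocal cm=blowfish2 in a Vim build that supports it.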