Americas

  • United States
sandra_henrystocker
Unix Dweeb

Using the vim editor in Linux to quickly encrypt and decrypt files

How-To
Jan 26, 20214 mins
Linux

Most Linux users know vim as a text editor that descended from vi. It can also function as a tool for encrypting text files. In this post, we examine how this is done and how to reverse the process.

A protected padlock with checkmark amid a field of abstract data.
Credit: Matejmo / Getty Images

Any time you have a text file on a Linux system that you want to keep private regardless of the privileges that other users with accounts on the system may have, you can resort to encryption. One easy way to do this is to use a feature that is built into the vim editor. You will have to provide a password that will you then need to remember or store in a password safe, but the process is straightforward. The file name will not be changed in any way, and the content of the file can be recovered in much the same way that it was encrypted.

To begin, let’s say that we have a file that begins like this:

$ head -3 mysecret
I feel the need to put my deepest darkest secret into a text file on my Linux
system. While this likely isn't common practice, I'm not sure that I can trust
anyone with it. But a penguin? That's a different story! So here goes ...

Now, not wanting to risk your deepest darkest secret to fellow users, you use vim with its -x (encryption) option.

$ vim -x mysecret

The vim editor will immediately ask for an encryption key. You will have to enter it twice. Note that the password will not be displayed as you type it. Instead, each character will be displayed as an asterisk.

Enter encryption key: *********
Enter same key again: *********

Once vim has then opened your file, it looks normal and you can continue editing or adding details to your deep dark secret should you want to do so or simply move on to writing out the file in encrypted form.

To write out encrypted content, simply save the file as you would normally do with vim.

:wq

Anyone who then tries to look at the file will likely see something like this:

VimCrypt~036▒!y)K▒▒i▒▒▒▒▒{▒z▒▒▒D▒:▒▒7▒▒蝇Xd▒#n▒▒▒ڎq4▒▒݋▒^9▒|▒▒▒+A▒]j▒▒▒a▒N▒▒
▒▒▒▒▒▒}▒▒&f▒▒A3▒Wt[▒T:с▒أny▒*▒▒}▒▒▒▒▒"▒▒▒ڈ^▒C▒E▒W▒▒v▒pV▒_▒Cj͞.EA▒▒▒#▒ex▒:▒K▒▒`P
▒u▒ ▒▒yhK▒X▒▒(W▒s(RY▒A▒
                 ▒▒l9▒▒▒_▒▒▒▒▒I▒▒Lk▒      ▒k▒▒▒▒=▒5G▒▒▒t▒2Ӣ▒gF▒   3▒Iq▒C▒▒▒▒OZ[▒l▒_▒~▒▒z

Once you are ready to read your file again or continue with your detailed expression of your deep dark secret, use the vim command again and provide the password when prompted.

$ vim mysecret
Need encryption key for "mysecret"
Enter encryption key: *********

The content should again be displayed in plain text.

I feel the need to put my deepest darkest secret into a text file on my Linux
system. While this likely isn't common practice, I'm not sure that I can trust
anyone with it. But a penguin? That's a different story! So here goes ...

End your vim session with the usual :wq and the file will remain encrypted.

If, at some point, you are ready to share your deep dark secret with others, you can reverse the file encryption as simply as you invoked it in the first place. First, use a vim -X command. Note the use of a capitalized X this time:

$ vim -X mysecret
Need encryption key for "mysecret"
Enter encryption key: *********

You will then see your original text.

I feel the need to put my deepest darkest secret into a text file on my Linux
system. While this likely isn't common practice, I'm not sure that I can trust
anyone with it. But a penguin? That's a different story! So here goes ...

Then enter :X but, when prompted to enter an encryption key again (twice), simply press the Enter key:

Enter encryption key:
Enter same key again:

Use :wq to write the file out again. After that, your file will be back in its unencrypted form.

$ head -3 mysecret
I feel the need to put my deepest darkest secret into a text file on my Linux
system. While this likely isn't common practice, I'm not sure that I can trust
anyone with it. But a penguin? That's a different story! So here goes ...

More choices

Many other tools are available to encrypt files, but this technique requires nothing more than vim and whatever method you use to remember your keys. To determine whether a file is encrypted by vim, you can run the file command. In the example below, we see what this command tells you when a file is encrypted and when it is not.

$ file mysecret
mysecret: Vim encrypted file data
$ file mysecret
mysecret: UTF-8 Unicode text

To read about other some other choices for encrypting files, check out this post on easy choices for encrypting files.

sandra_henrystocker
Unix Dweeb

Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she's chasing the bears away from her bird feeders.

The opinions expressed in this blog are those of Sandra Henry-Stocker and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.