Using
Vim, it's possible to save files as ciphertext. Simply use the '
:X' command with the file opened in vim, set the password and save the file. There'll be the following warning displayed when setting the password in the default encryption mode:
Warning: Using a weak encryption method; see :help 'cm'
Changing the Encryption Mode
Looking at the help page ('
:help cryptmethod'), we find that Vim supports only three ciphers by default: PkZip, Blowfish and Blowfish2. PkZip is considered weak - it is a stream cipher that XORs the file with the password. Blowfish's
implementation in vim is dodgy, with multiple bytes repeated in the ciphertext. Blowfish2 is an improved and recommended option, but older installations of Vim cannot decrypt a Blowfish2-encrypted file.
It's possible to set the encryption type for an opened file with either of the following commands:
:setlocal cm=blowfish2
Or
:set cryptmethod=blowfish2
To set the encryption mode as a configuration option, add the following lines to
/etc/vim/vimrc:
set cm=blowfish2
set viminfo=
set nobackup
set nowritebackup
This should set the default cipher to Blowfish2, and prevent any background writes of the plaintext to the hard disk.