Comments (7)
Can you show the output of the following commands on a file where you're experiencing this issue?
gpg --verbose --decrypt --list-only --dry-run foo.gpg
gpg --verbose --decrypt --list-only --dry-run --status-fd 2 foo.gpg >/dev/null
gpg --verbose --decrypt --status-fd 2 foo.gpg > /dev/null
from vim-gnupg.
> By supporting vim modelines in the encrypted content, it would be easy to specify a list of recipients in the decrypted content. Not sure whether this is feasible though.
Even if it were, it's not something I would do. I find modelines problematic from a security perspective in general and would not want to implement my own ad-hoc modeline-like support for this plugin.
from vim-gnupg.
Here's the output you asked for:
$ gpg --verbose --decrypt --list-only --dry-run foo.gpg
gpg: Note: RFC4880bis features are enabled.
gpg: public key is 0x0000000000000000
$ gpg --verbose --decrypt --list-only --dry-run --status-fd 2 foo.gpg >/dev/null
gpg: Note: RFC4880bis features are enabled.
gpg: public key is 0x0000000000000000
[GNUPG:] ENC_TO 0000000000000000 18 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] END_DECRYPTION
$ gpg --verbose --decrypt --status-fd 2 foo.gpg > /dev/null
gpg: Note: RFC4880bis features are enabled.
gpg: public key is 0x0000000000000000
[GNUPG:] ENC_TO 0000000000000000 18 0
gpg: encrypted with ECDH key, ID 0x0000000000000000
[GNUPG:] KEY_CONSIDERED 680AXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 0
gpg: anonymous recipient; trying secret key 0x4255XXXXXXXXXXXX ...
gpg: pinentry launched (350008 qt:curses 1.2.0-unknown /dev/pts/0 xterm-256color - 20620/1000/5 1000/1000 0)
[GNUPG:] PINENTRY_LAUNCHED 350008 qt:curses 1.2.0-unknown /dev/pts/0 xterm-256color - 20620/1000/5 1000/1000 0
gpg: pinentry launched (350079 qt:curses 1.2.0-unknown /dev/pts/0 xterm-256color - 20620/1000/5 1000/1000 0)
[GNUPG:] PINENTRY_LAUNCHED 350079 qt:curses 1.2.0-unknown /dev/pts/0 xterm-256color - 20620/1000/5 1000/1000 0
gpg: pinentry launched (350099 qt:curses 1.2.0-unknown /dev/pts/0 xterm-256color - 20620/1000/5 1000/1000 0)
[GNUPG:] PINENTRY_LAUNCHED 350099 qt:curses 1.2.0-unknown /dev/pts/0 xterm-256color - 20620/1000/5 1000/1000 0
[GNUPG:] KEY_CONSIDERED 680AXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 0
gpg: using pgp trust model
[GNUPG:] DECRYPTION_KEY EF5C0XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 680AXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX u
gpg: okay, we are the anonymous recipient.
[GNUPG:] BEGIN_DECRYPTION
gpg: AES256.CFB encrypted data
[GNUPG:] DECRYPTION_INFO 2 9 0
gpg: original file name=''
[GNUPG:] PLAINTEXT 62 1649002851
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION
I've redacted my actual key IDs by replacing some hex values with XXXX as you will see above. It might be noteworthy that only the last command requested access to my security key. Tell me if you need anything else.
> Even if it were, it's not something I would do. I find modelines problematic from a security perspective in general and would not want to implement my own ad-hoc modeline-like support for this plugin.
I feel the same way security-wise. Could've been a dirty workaround to the problem, if not fixable by other means.
from vim-gnupg.
Ok, so the last option gives us some information to use. This basically boils down to a duplicate of #121. The plugin needs to change to use --status-fd.
However, even with those changes, recipients are still going to be "lost" since they're not recorded in the file. The only recipient that will be retained is you, and you can achieve the same by adding encrypt-to <your key> in ~/.gnupg/gpg.conf.
from vim-gnupg.
Unfortunately I have several security keys and some files are encrypted with key A and others with key B. So an entry in ~/.gnupg/gpg.conf will not really work.
What would prevent this plugin from parsing which secret key worked for decryption and use that instead of an empty list of recipients? This would absolutely solve the problem for me.
from vim-gnupg.
> What would prevent this plugin from parsing which secret key worked for decryption and use that instead of an empty list of recipients?
Nothing. :) That's something I agree should be fixed. However, that will only preserve yourself as a recipient, not any of the other recipients. That's the only caveat I was pointing out.
from vim-gnupg.
Ah I'm sorry. I interpreted your previous message as "[all] recipients would be lost", which we agree isn't the case. Thanks for clarifying. :)
from vim-gnupg.
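The approach the thread converges on (read the machine-readable `--status-fd` lines and fall back to the key that actually decrypted when `ENC_TO` only carries the all-zero key ID) can be sketched as follows. This is an added example, not code from vim-gnupg or from any commenter; `recipients_from_status` and the sample fingerprints are hypothetical, and it assumes v4 keys, where the long key ID is the low 64 bits of the fingerprint.

```python
import re

# Constructed status lines modelled on the redacted output in the thread;
# the fingerprints are placeholders, not real keys.
SAMPLE_STATUS = """\
gpg: public key is 0x0000000000000000
[GNUPG:] ENC_TO 0000000000000000 18 0
[GNUPG:] KEY_CONSIDERED AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 0
[GNUPG:] DECRYPTION_KEY BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA u
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""

PREFIX = "[GNUPG:] "
HEX = re.compile(r"[0-9A-F]+")


def recipients_from_status(status_text):
    """Return (recipients, unresolved_hidden) for one gpg --status-fd capture.

    recipients: long key IDs from ENC_TO, plus the primary-key fingerprint from
    DECRYPTION_KEY when it accounts for one anonymous (all-zero) ENC_TO entry.
    unresolved_hidden: anonymous recipients that cannot be recovered.
    """
    named, hidden, used, decrypted = [], 0, None, False
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # "gpg: ..." diagnostics are for humans; parse status lines only
        keyword, *args = line[len(PREFIX):].split() or [""]
        args = [a.upper() for a in args]
        if keyword == "ENC_TO" and args and HEX.fullmatch(args[0]):
            if set(args[0]) == {"0"}:
                hidden += 1          # anonymous recipient, key ID withheld
            elif args[0] not in named:
                named.append(args[0])
        elif (keyword == "DECRYPTION_KEY" and len(args) >= 2
              and all(HEX.fullmatch(a) for a in args[:2])):
            used = (args[0], args[1])  # (key used for decryption, its primary key)
        elif keyword == "DECRYPTION_OKAY":
            decrypted = True
    recipients = list(named)
    # Trust the key only after DECRYPTION_OKAY, and count it as a hidden
    # recipient only if ENC_TO did not already list its key ID (v4 assumption).
    if decrypted and used and hidden and used[0][-16:] not in named:
        recipients.append(used[1])
        hidden -= 1
    return recipients, hidden
```

A non-zero second return value means the file had anonymous recipients other than the decrypting key; those are the ones that would still be dropped on re-encryption, which is the caveat raised in the thread.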