John Beckett wrote: > Suggested new feature: > Make an easy way to encrypt a secret within a line. > Then you can have a simple text file to document stuff, with > embedded secrets. On reading, you only need to enter a key if you > want to see a secret. > > Example lines before encryption: > > server12 { admin topsecret } any text > mybank { account 123456789 pin 1234 } > > Example lines after encryption: > > server12 {~8vP09fb3+Pn6+/z9/v8AAwocSE9cDYPAYJUThgE} any text > mybank {~afSDKoy9saGMCZ91x6F7pHkwdzEcMBoGCSqGSIb3DQEJ} > > When viewing a file with encrypted secrets, it doesn't matter if > others are shoulder surfing. You only need to get rid of onlookers > for the short time it would take to enter a key and view a secret in > the message line (which would not change the file). > > I implemented this scheme in an obsolete editor many years ago, > and offer the suggestion in case it appeals to Bram. However, as > noted in my "Suggestions" message, I think new features should be > resisted in favour of fixups, so I won't be offended if this is > ignored. > > A more detailed description of the proposal follows. > > A secret is entered between "{ " and "}" on a single line. > There is a space after the opening brace. > > The encrypted result is stored as base64 text, with "~" inserted as > the first character. The space (plaintext) and tilde (ciphertext) > are safety checks so text is not encrypted or decrypted twice. > > These commands would be required: > > EnterKey - Prompt user to enter a key for encryption/decryption. > EncryptLine - Encrypt text inside braces on the current line. > DecryptLine - Reverse EncryptLine. > ShowSecret - Show decrypted secret in the message line. > > EnterKey prompts the user and allows them to enter a key (no echo). > The key is hashed, and the hash is retained in memory for this > session. It can be cleared by using EnterKey to enter a blank key. > The hashed key is used for any subsequent encryption and decryption. > > EncryptLine checks that the current line contains "{ " (with space), > followed by "}". It then uses the hashed key to encrypt the text > between the braces, then replaces that text in the current line with > a base64 encoded form of the ciphertext. > > EncryptLine inserts a tilde (~) after the first brace. This is a > safety mechanism so you won't accidentally encrypt a line twice. > > EncryptLine inserts a small amount of random padding (salt). The > padding is of variable length so the length of the secret is not > known to intruders. However, there is only a small amount of padding > so the result is fairly compact. > > ShowSecret decrypts the secret in the current line, and displays the > plaintext in the message line. The file is not changed. There should > be an easy way to put the plaintext in the clipboard, and an easy > way to blank the displayed secret. > > DecryptLine reverses EncryptLine, changing the current line. It does > nothing (apart from display an error) if the result is not > reasonable (the ciphertext must be a tilde followed by base64, and > the decryption should satisfy certain sanity checks, and should > yield printable text starting with a space). This is a safety check > to avoid losing data if the wrong key is used to decrypt.
This is very a specific feature. You should implement this in a script, this doesn't sound like something Vim should support internally. -- A day without sunshine is like, well, night. /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ download, build and distribute -- http://www.A-A-P.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///