vimcatblowfish

Display a blowfish encrypted file without vi(m)


I have a file I have encrypted in vi (vi -x myfile) with blowfish2 encryption (:setlocal cm=blowfish2). I can supply the password and edit the file with no problem.

If all I want to do is view the file, is there a cat equivalent that will take the password and simply display the contents?


Solution

  • First of all, we're talking about Vim as Vi does not have the encryption feature.

    I don't have an answer that works "without Vim" but I do have one that will look and feel somewhat like cat. More explanation can be found in the answers to Pipe Vim buffer to stdout.

    The general idea is to run Vim in batch mode (see :help -s-ex), :print all the files passed as arguments and quit immediately afterwards.

    That's what the following alias does:

    alias vimcat="vim -es -c'argdo %print' -c'qa!'"
    

    The major caveat is that Vim is in silent mode. It will ask for a key when it encounters an encrypted file but the prompt will be swallowed and it will just look stuck. If you keep that in mind, you can enter the key anyway and go on.

    There are two ways to mitigate, you can add the -x option and enter the key right away (also without prompt and twice), when starting. The alternative is to pass a configuration file by -u key.vim which contains the line set key=<your secret key>. Of course, this would mean having the key in plain text in a file which may not be acceptable from a security point of view.


    I dug a little deeper to find a more elegant solution (without success). Vim prefixes encrypted files with the magic string VimCrypt~03! where 03 stands for blowfish2 encryption. This is followed by what I assume is salt and the encrypted file content comes last. So there's little wonder OpenSSL cannot handle a file encrypted by Vim (as already commented by user phd). I tried simple stuff like replacing the magic VimCrypt string with something OpenSSL might digest but that didn't work out.

    The next step would be to dive into the source code of Vim's Blowfish algorithm and I stopped before that.


    Looking back from a distance of a couple of days I think the most promising solution would be to use Vim's encryption algorithm (which is open source). This can be turned into a standalone executable that reads from stdin and writes to stdout. Another idea would be to create a plugin to OpenSSL so it can be used with it.

    This would need some coding, though.