
Transparently editing an encrypted secrets-file

What is this?

The following text describes how to set up an encrypted secrets-file for transparent editing (so that the file is decrypted on read, and encrypted on write). It uses ccrypt(1) and Vim on Arch Linux.

The actions below are described in more detail at http://vim.wikia.com/wiki/Encryption.


You can now edit secrets.txt.cpt, and it'll be encrypted/decrypted on-the-fly.


Q: How to remember the passphrase for the secrets-file itself?

A: Think up a number of personal challenges/responses, and construct the name of the secrets-file out of the challenges, or keywords referring to them.

To cat the contents of the encrypted file:

ccrypt --cat secrets.txt.cpt

A note on security

As the original text and the ccrypt(1) manpage suggest, most modern *nix derivatives don't allow an unprivileged user to see the environment of processes they don't own. Root can, however, e.g. through ps(1) and proc(5).
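
The exposure described in this note can be checked from a shell on your own system. The following is an added example, not part of the original text: the helper name env_exposure is made up, and it assumes Linux procfs and a stat(1) that supports -c.

```shell
#!/bin/sh
# Added example: report who can read a process's environment and whether a
# given variable is stored there. The value itself is never printed.
#
# Usage:  env_exposure PID VARNAME
# Output: "<mode> <owner-uid> <present|absent|unreadable>"
env_exposure() {
    pid=$1
    var=$2
    f="/proc/$pid/environ"

    if [ ! -e "$f" ]; then
        echo "no such process: $pid" >&2
        return 2
    fi

    # proc(5): environ is normally mode 0400 and owned by the process owner,
    # so only that user and root can read it.
    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%u' "$f")

    if [ ! -r "$f" ]; then
        # The usual result for another user's process when not running as root.
        state=unreadable
    elif tr '\0' '\n' < "$f" | grep -q "^${var}="; then
        # Entries are NUL-separated NAME=value pairs; match on the name only.
        state=present
    else
        state=absent
    fi

    echo "$mode $owner $state"
}

# Example call against the current shell (HOME is only a sample name):
env_exposure "$$" HOME || true
```

Run it as your normal user against one of your own processes, then against the same PID as root or as a different unprivileged user, and compare the third field.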