save to 0600 permission

[johnwmail]

Would you please add the feature, let vim-gnupg plugin save file at 0600 permission?

I dont want let other people read my secret file, even it is encrypted one.

Thank you.

[jamessan]

What about doing this?

autocmd BufWritePost * if get(b:, 'GPGEncrypted', 0) | call setfperm(expand('%'), 'rw-------') | endif

[johnwmail]

Hi jamessan,

I am not really know how to use it.
I tried to add this to ~/.vimrc or gnupg.vim,
then vim will save "encrypted file" with perm 0600 (Yes, this is what I want)
but, when I open some encrypted file, then save as new(:w! new.pgp) encrypted file,
It will not set perm as 0600.

1. open new.pgp and save it (work)
2. open old.pgp then save it (work)
3. open old.pgp then save as newone.pgp file ( NOT WORK, vim will save it with permission 0644)

Thanks.

[jamessan]

This would go in your ~/.vimrc file, although it needs a couple of safe guards to make sure it behaves properly if your vimrc happens to be sourced again after startup. The general pattern for safely defining auto-commands is to put them in a group, and always clear the group's auto-commands before defining more.

augroup johnwmail
    autocmd!
    autocmd BufWritePost * if getbufvar(expand('<abuf>'), 'b:GPGEncrypted', 0)) | call setfperm(expand('%'), 'rw-------') | endif
augroup END

Alternatively, instead of having a BufWritePost auto-command that triggers for every buffer, it could be defined only when you successfully open a file with gnupg. vim-gnupg's User auto-command can be used to help with that.

augroup johnwmail
    autocmd!
    autocmd User GnuPG autocmd BufWritePost <buffer=abuf> call setfperm(expand('%'), 'rw-------')
augroup END

When vim-gnupg has opened a buffer, it triggers the User autocommand with the GnuPG pattern. The above autocommand will then be run, and define a BufWritePost autocommand for that specific buffer.

[johnwmail]

Sorry, I only see your #3 comment, after I edited my #2 comment.
Please review my #2 comment.
Thanks.

[jamessan]

Yeah, I see that now. That's a trickier issue to solve, since the filename the auto-command is triggering is actually the filename minus the encrypted extension. There isn't an easy way to get the real filename.

I guess the most robust way to solve it is to have the plugin do it.

[johnwmail]

Hi, after added

augroup my.email@gmail.com
autocmd!
autocmd User GnuPG autocmd BufWritePost <buffer=abuf> * call setfperm(expand(''), 'rw-------')
augroup END

to ~/.vimrc, I got this error message

Error detected while processing /home/john/.vimrc:
line 106:
E492: Not an editor command: ^Iautocommand!
line 107:
E492: Not an editor command: ^Iautocommand User GnuPG autocommand BufWritePost <buffer=abuf> call setfperm(expand(''), 'rw-------')
Press ENTER or type command to continue

And if add below to ~/.vimrc

augroup my.email@gmail.com
autocmd!
autocmd BufWritePost * if getbufvar(expand(''), 'b:GPGEncrypted', 0)) | call setfperm(expand(''), 'rw-------') | endif
augroup END

No error for opening vim, but got error when save file
the error message only show a sec, then disappear , I can not to read it

[johnwmail]

Yeah, I see that now. That's a trickier issue to solve, since the filename the auto-command is triggering is actually the filename minus the encrypted extension. There isn't an easy way to get the real filename.

I guess the most robust way to solve it is to have the plugin do it.

Ok, thank you.