patch 9.0.1481: decrypting with libsodium may fail if the library changes
Problem: Decrypting with libsodium may fail if the library changes.
Solution: Add parameters used to the encrypted file header. (Christian
Brabandt, closes #12279)
diff --git a/runtime/doc/editing.txt b/runtime/doc/editing.txt
index c3e1d0d..a08befe 100644
--- a/runtime/doc/editing.txt
+++ b/runtime/doc/editing.txt
@@ -1533,9 +1533,10 @@
You can use the 'cryptmethod' option to select the type of encryption, use one
of these: >
- :setlocal cm=zip " weak method, backwards compatible
- :setlocal cm=blowfish " method with flaws
- :setlocal cm=blowfish2 " medium strong method
+ :setlocal cm=zip " weak method, backwards compatible
+ :setlocal cm=blowfish " method with flaws, do not use
+ :setlocal cm=blowfish2 " medium strong method
+ :setlocal cm=xchacha20v2 " medium strong method using libsodium
Do this before writing the file. When reading an encrypted file it will be
set automatically to the method used when that file was written. You can
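Review bot: The added `cm=xchacha20v2` line is labelled "medium strong method", the same strength label as `blowfish2` on the line above, while the options.txt text in this patch says the xchacha20 method "provides better encryption". The two descriptions should agree. Since options.txt also marks xchacha20v2 as "STILL EXPERIMENTAL", consider saying so here as well, so that a reader who only sees this list does not pick it without knowing the file format may still change.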
diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt
index 91f50e7..2a2c7ed 100644
--- a/runtime/doc/options.txt
+++ b/runtime/doc/options.txt
@@ -2511,12 +2511,14 @@
*pkzip*
zip PkZip compatible method. A weak kind of encryption.
Backwards compatible with Vim 7.2 and older.
+ Only use if you need to be backwards compatible.
*blowfish*
blowfish Blowfish method. Medium strong encryption but it has
an implementation flaw. Requires Vim 7.3 or later,
files can NOT be read by Vim 7.2 and older. This adds
a "seed" to the file, every time you write the file
the encrypted bytes will be different.
+ Obsolete, please do no longer use.
*blowfish2*
blowfish2 Blowfish method. Medium strong encryption. Requires
Vim 7.4.401 or later, files can NOT be read by Vim 7.3
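Review bot: The added sentence under *blowfish*, "Obsolete, please do no longer use.", is ungrammatical and differs from the wording used for the same method in editing.txt ("method with flaws, do not use"). Suggest "Obsolete, please do not use it anymore." in both places where it is added. The entry also still opens with "Medium strong encryption", which reads oddly next to "Obsolete"; a short pointer to the replacement ("use blowfish2 instead") would tell the reader what to do.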
@@ -2538,11 +2540,21 @@
enabled.
Encryption of undo files is not yet supported,
therefore no undo file will currently be written.
- CURRENTLY EXPERIMENTAL: Files written with this method
+ CAREFUL: Files written with this method might have to
+ be read back with the same version of Vim if the
+ binary format changes later.
+ Obsolete, please do no longer use.
+ xchacha20v2 Same algorithm as with "xchacha20" that correctly
+ stores the key derivation parameters together with the
+ encrypted file. Should work better in case the
+ parameters in the libsodium library ever change.
+ STILL EXPERIMENTAL: Files written with this method
might have to be read back with the same version of
Vim if the binary format changes later.
- You should use "blowfish2", also to re-encrypt older files.
+ You should use "blowfish2", also to re-encrypt older files. The
+ "xchacha20" method provides better encryption, but it does not work
+ with all versions of Vim.
When reading an encrypted file 'cryptmethod' will be set automatically
to the detected method of the file being read. Thus if you write it
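Review bot: The new closing paragraph recommends "xchacha20", which this same hunk marks as "Obsolete, please do no longer use"; it should name "xchacha20v2". The xchacha20v2 entry also gives no minimum Vim version, unlike the blowfish and blowfish2 entries ("Requires Vim 7.3 or later", "Requires Vim 7.4.401 or later"), so "does not work with all versions of Vim" leaves the reader guessing which versions can read such files. Stating that it requires patch 9.0.1481 or later would close that gap. It would also help to say how existing xchacha20 files should be migrated, since the paragraph only covers re-encrypting older files with "blowfish2".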