Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_vim / aae583441bcdbb0bfef3b8a1d193e04ae09ca95d^! / . / runtime / doc
commitaae583441bcdbb0bfef3b8a1d193e04ae09ca95d[log] [tgz]
authorChristian Brabandt <cb@256bit.org>Sun Apr 23 17:50:22 2023 +0100
committerBram Moolenaar <Bram@vim.org>Sun Apr 23 17:50:22 2023 +0100
treee3cf7c27fc02e1232fe5ab8f8da32581e9782718
parentdcd40cfca0fe0e65d405ce9711745a8ec846c30c [diff]
patch 9.0.1481: decrypting with libsodium may fail if the library changes

Problem:    Decrypting with libsodium may fail if the library changes.
Solution:   Add parameters used to the encrypted file header. (Christian
            Brabandt, closes #12279)

diff --git a/runtime/doc/editing.txt b/runtime/doc/editing.txt
index c3e1d0d..a08befe 100644
--- a/runtime/doc/editing.txt
+++ b/runtime/doc/editing.txt

@@ -1533,9 +1533,10 @@
 
 You can use the 'cryptmethod' option to select the type of encryption, use one
 of these: >
-	:setlocal cm=zip        " weak method, backwards compatible
-	:setlocal cm=blowfish   " method with flaws
-	:setlocal cm=blowfish2  " medium strong method
+	:setlocal cm=zip          " weak method, backwards compatible
+	:setlocal cm=blowfish     " method with flaws, do not use
+	:setlocal cm=blowfish2    " medium strong method
+	:setlocal cm=xchacha20v2  " medium strong method using libsodium
 
 Do this before writing the file.  When reading an encrypted file it will be
 set automatically to the method used when that file was written.  You can

diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt
index 91f50e7..2a2c7ed 100644
--- a/runtime/doc/options.txt
+++ b/runtime/doc/options.txt

@@ -2511,12 +2511,14 @@
 							*pkzip*
 	   zip		PkZip compatible method.  A weak kind of encryption.
 			Backwards compatible with Vim 7.2 and older.
+			Only use if you need to be backwards compatible.
 							*blowfish*
 	   blowfish	Blowfish method.  Medium strong encryption but it has
 			an implementation flaw.  Requires Vim 7.3 or later,
 			files can NOT be read by Vim 7.2 and older.  This adds
 			a "seed" to the file, every time you write the file
 			the encrypted bytes will be different.
+			Obsolete, please do no longer use.
 							*blowfish2*
 	   blowfish2	Blowfish method.  Medium strong encryption.  Requires
 			Vim 7.4.401 or later, files can NOT be read by Vim 7.3
@@ -2538,11 +2540,21 @@
 			enabled.
 			Encryption of undo files is not yet supported,
 			therefore no undo file will currently be written.
-			CURRENTLY EXPERIMENTAL: Files written with this method
+			CAREFUL: Files written with this method might have to
+			be read back with the same version of Vim if the
+			binary format changes later.
+			Obsolete, please do no longer use.
+	   xchacha20v2  Same algorithm as with "xchacha20" that correctly
+			stores the key derivation parameters together with the
+			encrypted file.  Should work better in case the
+			parameters in the libsodium library ever change.
+			STILL EXPERIMENTAL: Files written with this method
 			might have to be read back with the same version of
 			Vim if the binary format changes later.
 
-	You should use "blowfish2", also to re-encrypt older files.
+	You should use "blowfish2", also to re-encrypt older files.  The
+	"xchacha20" method provides better encryption, but it does not work
+	with all versions of Vim.
 
 	When reading an encrypted file 'cryptmethod' will be set automatically
 	to the detected method of the file being read.  Thus if you write it