Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_vim / aae583441bcdbb0bfef3b8a1d193e04ae09ca95d^! / . / runtime / doc / options.txt
commitaae583441bcdbb0bfef3b8a1d193e04ae09ca95d[log] [tgz]
authorChristian Brabandt <cb@256bit.org>Sun Apr 23 17:50:22 2023 +0100
committerBram Moolenaar <Bram@vim.org>Sun Apr 23 17:50:22 2023 +0100
treee3cf7c27fc02e1232fe5ab8f8da32581e9782718
parentdcd40cfca0fe0e65d405ce9711745a8ec846c30c [diff] [blame]
patch 9.0.1481: decrypting with libsodium may fail if the library changes

Problem:    Decrypting with libsodium may fail if the library changes.
Solution:   Add parameters used to the encrypted file header. (Christian
            Brabandt, closes #12279)

diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt
index 91f50e7..2a2c7ed 100644
--- a/runtime/doc/options.txt
+++ b/runtime/doc/options.txt

@@ -2511,12 +2511,14 @@
 							*pkzip*
 	   zip		PkZip compatible method.  A weak kind of encryption.
 			Backwards compatible with Vim 7.2 and older.
+			Only use if you need to be backwards compatible.
 							*blowfish*
 	   blowfish	Blowfish method.  Medium strong encryption but it has
 			an implementation flaw.  Requires Vim 7.3 or later,
 			files can NOT be read by Vim 7.2 and older.  This adds
 			a "seed" to the file, every time you write the file
 			the encrypted bytes will be different.
+			Obsolete, please do no longer use.
 							*blowfish2*
 	   blowfish2	Blowfish method.  Medium strong encryption.  Requires
 			Vim 7.4.401 or later, files can NOT be read by Vim 7.3
@@ -2538,11 +2540,21 @@
 			enabled.
 			Encryption of undo files is not yet supported,
 			therefore no undo file will currently be written.
-			CURRENTLY EXPERIMENTAL: Files written with this method
+			CAREFUL: Files written with this method might have to
+			be read back with the same version of Vim if the
+			binary format changes later.
+			Obsolete, please do no longer use.
+	   xchacha20v2  Same algorithm as with "xchacha20" that correctly
+			stores the key derivation parameters together with the
+			encrypted file.  Should work better in case the
+			parameters in the libsodium library ever change.
+			STILL EXPERIMENTAL: Files written with this method
 			might have to be read back with the same version of
 			Vim if the binary format changes later.
 
-	You should use "blowfish2", also to re-encrypt older files.
+	You should use "blowfish2", also to re-encrypt older files.  The
+	"xchacha20" method provides better encryption, but it does not work
+	with all versions of Vim.
 
 	When reading an encrypted file 'cryptmethod' will be set automatically
 	to the detected method of the file being read.  Thus if you write it