Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign when writing files that were signed and verify signed files when opening #34

Open
rhz opened this issue Jun 23, 2015 · 1 comment
Open

Sign when writing files that were signed and verify signed files when opening #34

rhz opened this issue Jun 23, 2015 · 1 comment
Assignees
@jamessan
Labels
enhancement
Milestone
todo

Comments

@rhz
Copy link

rhz commented Jun 23, 2015

Hi James,

By reading the source I got the impression that when writing files are only signed if the variable g:GPGPreferSign is set to 1, regardless of whether the file was signed to begin with. Assuming my interpretation of the code is right (I don't know any vimscript), I was wondering if the plugin should check if the encrypted file is signed while decrypting it and let b:GPGOptions += ["sign"] accordingly. gpg --decrypt tells you if the signature could be verified in the last 2 lines written to stderr:

gpg: Signature made ... using ... key ID ...
gpg: Good signature from ...

Using this same information signed files can be verified when opening them :)

Files that aren't signed just don't write those last 2 lines to stderr.

Cheers,
Ricardo
@jamessan jamessan added this to the 2.6 milestone Jun 23, 2015
@jamessan jamessan self-assigned this Jun 23, 2015
@jdelisle
Copy link

Hi @jamessan,

I have noticed as well that signed GPG files lose their signature when modified with the plugin. Like @rhz suggested, I believe signed files should remain signed after being edited.

Awesome plugin by the way! :)

@jamessan jamessan modified the milestones: 2.7, 2.6 Apr 25, 2016
hlein added a commit to hlein/vim-gnupg that referenced this issue Oct 12, 2019
@hlein
Added re-signing of existing signed files.
50222e1 
When editing an existing file, check if the source file was signed,
and if so, enable signing when we save it.

When writing out a file, moved the "should we sign" check so that
it always happens.  When saving an existing file, b:GPGOptions
exists already, so g:GPGPreferSign was not being checked previously.

This partially addresses
jamessan#34

If we wanted to support selecting between different private keys to
sign with, then checking _which_ key had signed a file and looking
for a corresponding private key in our keyring could be done in
the --list-packets check.  But that is another future issue & PR.
@hlein hlein mentioned this issue Oct 12, 2019
Open
@jamessan jamessan modified the milestones: 2.7, todo May 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jamessan jamessan

Labels
enhancement
Projects
None yet
Milestone
todo
Development

No branches or pull requests
3 participants
@jamessan @jdelisle @rhz