0

I'm moving from a Debian-based distro to CentOS 7. I have files encrypted with blowfish that I edit transparently in VIM with this setting in ~/.vimrc:

:set cryptmethod=blowfish2

This is the error that I receive:

E474: Invalid argument: cryptmethod=blowfish2

However, I cannot seem to find the appropriate package in CentOS. I have installed the following packages, but I still get the error:

$ sudo yum install bcrypt cryptsetup-python libcryptui py-bcrypt

Here are all the packages that seem to be relevant:

$ yum search bcrypt
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.nonstop.co.il
 * epel: mirror.nonstop.co.il
 * extras: mirror.nonstop.co.il
 * updates: mirror.nonstop.co.il
============================= N/S matched: bcrypt ==============================
libcryptui-devel.i686 : Header files required to develop with libcryptui
libcryptui-devel.x86_64 : Header files required to develop with libcryptui
rubygem-bcrypt.x86_64 : Wrapper around bcrypt() password hashing algorithm
rubygem-bcrypt-doc.x86_64 : Documentation for rubygem-bcrypt
bcrypt.x86_64 : File encryption utility
cryptsetup-python.x86_64 : Python bindings for libcryptsetup
libcryptui.i686 : Interface components for OpenPGP
libcryptui.x86_64 : Interface components for OpenPGP
py-bcrypt.x86_64 : Python bindings for OpenBSD's Blowfish password hashing code

  Name and summary matches only, use "search all" for everything.

$ yum search blowfish
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.nonstop.co.il
 * epel: mirror.nonstop.co.il
 * extras: mirror.nonstop.co.il
 * updates: mirror.nonstop.co.il
============================ N/S matched: blowfish =============================
perl-Crypt-Eksblowfish.x86_64 : Eksblowfish block cipher
php-horde-Horde-Crypt-Blowfish.noarch : Blowfish Encryption Library
php-pear-Crypt-Blowfish.noarch : Quick two-way blowfish encryption
php-phpseclib-crypt-blowfish.noarch : Pure-PHP implementation of Blowfish
py-bcrypt.x86_64 : Python bindings for OpenBSD's Blowfish password hashing code

  Name and summary matches only, use "search all" for everything
dotancohen
  • 2,590
  • 2
  • 25
  • 39
  • You need to have Vim 7.4 patch 399 for this. There's no package for separate features, you'll have to compile Vim yourself. – Martin Tournoij May 09 '16 at 09:47
  • @MichaelHampton: Thank you. I've only ever seem it called `blowfish2`: https://dgl.cx/2014/10/vim-blowfish. Changing that to simple `blowfish` in `~/.vimrc` resolved the error, but I cannot open my encrypted files! This is the error that I get when trying to open encrypted files `E821: File is encrypted with unknown method`. – dotancohen May 09 '16 at 09:47
  • 1
    Yes, `blowfish` and `blowfish2` are not compatible. Note that `blowfish` is **not** secure, and that the security of `blowfish2` is also controversial. – Martin Tournoij May 09 '16 at 10:51

2 Answers2

1

CentOS 7 shipped with vim 7.4.160. However, cryptmethod=blowfish2 requires vim 7.4.401 or later.

And anyway, you probably should be using full disk encryption and more carefully vetted crypto such as OpenPGP. The reason cryptmethod=blowfish2 exists to begin with is that cryptmethod=blowfish was horribly broken. And it's not compatible with anything.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • Thank you! I just downloaded VIM from [github](https://github.com/vim/vim.git) and [configured it](https://gist.github.com/holguinj/11064609) with `./configure --prefix=/usr --with-features=huge --enable-rubyinterp --enable-pythoninterp`. It then built and installed flawlessly. Thank you! – dotancohen May 09 '16 at 10:10
  • You might also try backporting the RPM from a current version of Fedora, which is currently on 7.4.1718. This is usually as easy as creating a [Copr](https://copr.fedorainfracloud.org/) account and throwing in the source RPM. – Michael Hampton May 09 '16 at 10:15
0

The issue was that CentOS 7 ships with VIM 7.4.160, as Michael Hampton points out we need 7.4.401. In a comment I mention how to install the later VIM, here are the complete instructions for those who might follow in my footsteps. All credit goes to Michael for identifying the issue and to this Gist for laying out the proper configure line:

git clone https://github.com/vim/vim.git
cd vim/
./configure --prefix=/usr --with-features=huge --enable-rubyinterp --enable-pythoninterp
make
sudo make install
Community
  • 1
dotancohen
  • 2,590
  • 2
  • 25
  • 39