Method used for encryption when the buffer is written to a file:

zip PkZip compatible method. A weak kind of encryption. Backwards compatible with Vim 7.2 and older. Only use if you need to be backwards compatible.

blowfish Blowfish method. Medium strong encryption but it has an implementation flaw. Requires Vim 7.3 or later, files can NOT be read by Vim 7.2 and older. This adds a "seed" to the file, every time you write the file the encrypted bytes will be different. Obsolete, please do no longer use.

blowfish2 Blowfish method. Medium strong encryption. Requires Vim 7.4.401 or later, files can NOT be read by Vim 7.3 and older. This adds a "seed" to the file, every time you write the file the encrypted bytes will be different. The whole undo file is encrypted, not just the pieces of text.

xchacha20 XChaCha20 Cipher with Poly1305 Message Authentication Code. Medium strong till strong encryption. Encryption is provided by the libsodium library, it requires Vim to be built with +sodium. It adds a seed and a message authentication code (MAC) to the file. This needs at least a Vim 8.2.3022 to read the encrypted file. Encryption of swap files is not supported, therefore no swap file will be used when xchacha20 encryption is enabled. Encryption of undo files is not yet supported, therefore no undo file will currently be written. CAREFUL: Files written with this method might have to be read back with the same version of Vim if the binary format changes later. Obsolete, please do no longer use. xchacha20v2 Same algorithm as with "xchacha20" that correctly stores the key derivation parameters together with the encrypted file. Should work better in case the parameters in the libsodium library ever change. STILL EXPERIMENTAL: Files written with this method might have to be read back with the same version of Vim if the binary format changes later.

You should use "blowfish2", also to re-encrypt older files. The "xchacha20" method provides better encryption, but it does not work with all versions of Vim.

When reading an encrypted file 'cryptmethod' will be set automatically to the detected method of the file being read. Thus if you write it without changing 'cryptmethod' the same method will be used. Changing 'cryptmethod' does not mark the file as modified, you have to explicitly write it, you don't get a warning unless there are other modifications. Also see :X.

When setting the global value to an empty string, it will end up with the value "blowfish2". When setting the local value to an empty string the buffer will use the global value.

When a new encryption method is added in a later version of Vim, and the current version does not recognize it, you will get E821 . You need to edit this file with the later version of Vim.

(default "blowfish2")