Free file encryption with the Windows XP Encrypted File System (EFS)

Reference: - Microsoft.com

Author: - Dinesh Aggarwal

If you have Windows XP Pro, you can use the Encrypting File System (EFS) to encrypt your files so that no one else can read them. EFS allows users to store confidential information on a computer when people who have physical access to the computer could otherwise compromise that information, intentionally or unintentionally. EFS is free and you don’t have to install any software to use it. Please note that it doesn’t come with Windows XP Home Edition, and your file system has to be NTFS. EFS does not work with FAT partitions.

Using EFS you can encrypt any file or folder. Once a file is encrypted, it is linked to your username on the computer. Someone else logging in to your computer with another username will not be able to read these encrypted files. You can work with these files or folders like any other normal file. These folders are shown in green in Windows Explorer to distinguish them from normal folders. That’s the only difference that you will see.
An important thing to remember is that you cannot encrypt compressed files. You need to uncompress them before encrypting. Similarly, encrypted files cannot be compressed. You will have to decrypt them in order to compress them. Now let’s see how to encrypt a file.
To encrypt a file or folder, right-click on the folder or file and choose Properties --> General --> Advanced

You will see a dialog box as shown in the figure below.

[Figure: using Windows Encrypting File System (EFS)]

You need to check the box “Encrypt contents to secure data” and then click OK. You will be asked whether to apply encryption to this folder only or to its subfolders and files as well, as shown in the figure below.

[Figure: Encrypting File System (EFS)]

The table below shows the results of selecting the “Apply changes to this folder only” option.

| File Description | Encryption Status |
| --- | --- |
| Already stored in the folder and its subfolders | Unchanged. Files remain either encrypted or unencrypted. |
| Created in or copied to the folder by you later | File is encrypted and FEK is encrypted by using your public key. |
| Created in or copied to the folder by another user later | File is encrypted and FEK is encrypted by using the other user’s public key. |
| Created in or copied to subfolders later | Unchanged. |
| Moved to the folder or subfolders later | Unchanged. |

Source: - Technet.microsoft.com
The table below shows the results of choosing the “Apply changes to this folder, subfolders, and files” option.

| File Description | Encryption Status |
| --- | --- |
| Already in the folder and its subfolders | If you have Write permission, file is encrypted and FEK is encrypted by using your public key; otherwise, files are unchanged. |
| Later created in or copied to the folder or subfolders by you | File is encrypted and FEK is encrypted by using your public key. |
| Later created in or copied to the folder or subfolders by another user | File is encrypted and FEK is encrypted by using the other user’s public key. |
| Later moved to the folder or subfolders | Moving unencrypted files into an encrypted folder will automatically encrypt those files in the new folder. |

Source: - Technet.microsoft.com
With either choice, the folder’s list of files remains in plaintext and you can enumerate files as usual.
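
The tables above mean that an encrypted folder can still hold files that were never encrypted, for example files that were already present or were moved in after choosing “this folder only”. The following Python audit is an added example, not part of the original article or of Microsoft's documentation; it assumes the Win32 attribute bits that os.stat() reports on Windows, and the function names and sample paths are constructed for illustration.

```python
import ntpath
import os

# Win32 file attribute bits as reported in os.stat().st_file_attributes.
FILE_ATTRIBUTE_DIRECTORY = 0x10
FILE_ATTRIBUTE_COMPRESSED = 0x800
FILE_ATTRIBUTE_ENCRYPTED = 0x4000

def collect(root):
    """Walk root (Windows only) and return {path: attribute bits}."""
    entries = {root: os.stat(root).st_file_attributes}
    for folder, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(folder, name)
            entries[path] = os.stat(path).st_file_attributes
    return entries

def encrypted_ancestor(path, entries):
    """Return the nearest folder above path that carries the encrypted bit."""
    parent = ntpath.dirname(path)
    while parent and parent != path:
        if entries.get(parent, 0) & FILE_ATTRIBUTE_ENCRYPTED:
            return parent
        path, parent = parent, ntpath.dirname(parent)
    return None

def audit(entries):
    """List (file, encrypted folder, state) for files left unencrypted."""
    findings = []
    for path, attrs in sorted(entries.items()):
        if attrs & (FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_ENCRYPTED):
            continue  # folders and already-encrypted files need no action
        folder = encrypted_ancestor(path, entries)
        if folder:
            # Per the article, a compressed file must be uncompressed first.
            state = "compressed" if attrs & FILE_ATTRIBUTE_COMPRESSED else "plaintext"
            findings.append((path, folder, state))
    return findings

# Constructed sample: C:\Docs was encrypted with "this folder only".
SAMPLE = {
    r"C:\Docs": 0x10 | 0x4000,
    r"C:\Docs\new.txt": 0x4000,          # created after encryption
    r"C:\Docs\old.txt": 0x0,             # already present, left unchanged
    r"C:\Docs\Sub": 0x10,                # subfolder left unchanged
    r"C:\Docs\Sub\moved.zip": 0x800,     # moved in later, still compressed
    r"C:\Other\note.txt": 0x0,           # not under any encrypted folder
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a Windows machine, audit(collect(folder)) runs the same check against a real folder tree.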

To decrypt the folder again, click on the folder or file and choose Properties --> General --> Advanced
Uncheck the box next to “Encrypt contents to secure data”

You should back up your personal encryption certificate and store it in a secure location. Why? Because if your system crashes and you copy your encrypted folders to some other PC, you will need the certificate to see these folders. To export the certificate:

Open Internet Explorer --> Tools --> Internet Options --> Content --> Certificates
Click the Personal tab. You may see a lot of certificates. Click on each certificate and find the one that has Encrypting File System written in the “Certificate intended purposes” field, as shown below.

[Figure: exporting certificate in Windows]

Click Export to start the Certificate Export Wizard and click Next.
Select “Yes, export the private key” and click Next.
Click “enable strong encryption” and click Next.
Type the password. This password protects the exported certificate.
Specify the path where you want to save the key. Click Next and then Finish.

If you have any suggestions or want to add more to this article, write to us at articles@knowurtech.com

 
