Microsoft Windows introduced the Encrypting File System (EFS) with NTFS 3.0 (New Technology File System). It provides an additional level of security for files and directories, protecting confidential data from attackers. Users can open encrypted files just like any other, since encryption and decryption are transparent to them.
EFS combines public key encryption algorithms with symmetric secret keys. In this way, it ensures that files are difficult to decrypt without the correct secret key. Furthermore, symmetric keys take less time than asymmetric keys to encrypt and decrypt data. However, which symmetric encryption algorithm is used depends on the operating system version and configuration.
EFS encryption is the process of converting information into secret code. While it does not prevent interference by itself, it can deny comprehensible content to potential interceptors.
EFS encryption and decryption are performed transparently: if users encrypt some data, they can still access it without any restrictions. However, if any other unauthorized user attempts to read the encrypted data, they receive an "Access denied" error message.
Pay attention to the following items that cannot be encrypted:
EFS uses public key technology to encrypt and decrypt files. When a user requests to encrypt a file, EFS generates an X.509 certificate with a public/private key pair. The private key is held only by that user, while the public key can be shared with everyone.
A folder whose contents are to be encrypted is marked with the "encryption" attribute. The EFS component driver checks this attribute in a way similar to the inheritance of file permissions in NTFS: if a folder is marked as encrypted, all files and subfolders created within it are encrypted by default.
However, there are many circumstances under which the file could be decrypted without the user's explicit permission. Usually, when the file is copied to another file system, it remains encrypted. However, if the encrypted file is copied over the network using the SMB/CIFS protocol, the file is decrypted before being sent over the network. The most effective way to avoid this kind of situation is to use backup software that supports the "raw data" APIs, which copy the encrypted file without decrypting it during the copy process.
EFS encryption is based on a public key policy. The encrypted file is created with a file encryption key (FEK) and the Data Encryption Standard X (DESX) algorithm. For daily use, encrypting and decrypting a file takes just a few clicks.
Choose the file or directory you want to encrypt. First, select "Properties" to open the properties window, then click the "Advanced" button on the tab; the "Encrypt contents to secure data" option is displayed there. Select the option and the file will be encrypted. Conversely, clearing the "Encrypt" option decrypts the file.
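To show the attribute inheritance described above and a scripted equivalent of the Properties dialog steps, here is an added PowerShell example that is not part of the original article; it assumes a local NTFS volume, a user account with an EFS certificate, and the demo paths `$env:TEMP\efs-demo` and `$env:TEMP\efs-demo-backup`. It goes slightly beyond the text by auditing a tree for encrypted files and copying it with robocopy's /EFSRAW switch, which uses the "raw data" APIs mentioned earlier.

```powershell
# Added demo, not from the article. Assumes a local NTFS volume, an account that
# has (or can auto-generate) an EFS certificate, and the demo paths below.
$folder = Join-Path $env:TEMP 'efs-demo'
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# Same effect as ticking "Encrypt contents to secure data" on the folder:
# cipher /E marks the directory so that files added later are encrypted.
cipher.exe /e $folder | Out-Null

# A file created inside the encrypted folder inherits the attribute by default.
$file = Join-Path $folder 'secret.txt'
Set-Content -LiteralPath $file -Value 'constructed sample content'

function Test-EfsEncrypted {
    param([Parameter(Mandatory)][string]$Path)
    $attrs = (Get-Item -LiteralPath $Path -Force).Attributes
    return (($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0)
}
"Folder encrypted: $(Test-EfsEncrypted $folder)"
"File encrypted:   $(Test-EfsEncrypted $file)"

# cipher /C lists the certificate thumbprints able to decrypt the file
# (the owner's key and any configured recovery agent).
cipher.exe /c $file

# Audit helper: find every EFS-encrypted file under a path. Useful before a tree
# is copied over SMB or to a non-NTFS volume, where the data would leave in clear text.
function Get-EfsEncryptedFile {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force |
        Where-Object { ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0 } |
        Select-Object FullName, Length, LastWriteTime
}
Get-EfsEncryptedFile -Root $folder

# A copy made through the raw EFS APIs stays encrypted; robocopy's /EFSRAW switch
# uses them (the destination must be NTFS).
$backup = Join-Path $env:TEMP 'efs-demo-backup'
robocopy.exe $folder $backup /E /EFSRAW | Out-Null
"Backup copy encrypted: $(Test-EfsEncrypted (Join-Path $backup 'secret.txt'))"

# Clearing the attribute (the "remove the Encrypt option" step) decrypts the file.
(Get-Item -LiteralPath $file).Decrypt()
"File encrypted after Decrypt(): $(Test-EfsEncrypted $file)"
```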
Having learned the process of encrypting files, we have seen that the most important role of EFS is to help us encrypt files. In addition, you need to understand its other benefits and disadvantages in some situations.