Features of Windows Encrypting File System (EFS)

written by: Marieta Leke; article published: year 2006, month 08;



• Only available on Windows 2000 and Windows XP operating systems using NTFS (v5) partitions and volumes.

• Encryption is transparent to the user.

• Uses public-key encryption. The keys that are used to encrypt the file are themselves encrypted with a public key from the user’s certificate. The list of encrypted file encryption keys is kept with the encrypted file and is unique to it. To decrypt the file encryption keys, the file owner provides a private key that only he has.

• If the owner has lost his private key, an appointed recovery system agent can open the file using his/her key instead.

• EFS resides in the Windows OS kernel and uses the non-paged memory pool to store file encryption keys - this means no one will be able to extract them from your paging file.

• Encrypted files can be backed up using the Backup Utility, but will retain their encrypted state as access permissions are preserved.

• Microsoft recommends creating an NTFS folder and encrypting it. In the Properties dialog box for the folder, click the General tab, then the Advanced button, and select the "Encrypt Contents To Secure Data" check box. The folder isn't encrypted, but files placed in it will be automatically encrypted. Uncheck the box if you want to decrypt the contents of the folder.

• Although it is recommended that encryption take place at the folder level, it can be done at the file level. Encryption at the folder level will automatically result in all files inside the folder being encrypted. Files moved into or created in an encrypted folder will automatically become encrypted at that time.

• Default encryption strength is 128-bit.

• Compressed files can't be encrypted and vice versa.

• You can share encrypted files under Windows XP Professional by adding the additional users you want to have access to the file after it has been encrypted. (This is not possible under Windows 2000).

• In Windows 2000, Data Recovery Agents (DRAs) were required to implement EFS. In Windows XP, they are optional. Microsoft recommends that all stand-alone or domain environments have at least one designated DRA.

• Use the Cipher command to work with encrypted files from the command line.

• The efsinfo.exe utility in the WINXP Resource Kit allows an administrator to determine information about encrypted files.
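
The folder-level workflow and recovery agent recommendation from the points above, carried out with the Cipher command at a command prompt. This is an added example, not part of the original article; C:\Secure, report.txt and C:\dra-key are assumed names, and the /r switch is used as shipped with Windows XP's cipher.

```batch
@echo off
rem Added example, not from the original article.
rem C:\Secure, report.txt and C:\dra-key are assumed names; adjust for your system.
setlocal
set "DIR=C:\Secure"

rem 1. Create the folder on an NTFS volume and mark it for encryption.
if not exist "%DIR%" mkdir "%DIR%"
cipher /e "%DIR%"

rem 2. A file created in the marked folder is encrypted as it is written.
>"%DIR%\report.txt" echo constructed sample data

rem 3. With no switch, cipher lists each entry with E (encrypted) or U (unencrypted).
cipher "%DIR%\*"

rem 4. Marking a folder with cipher /e alone does not touch files already in it;
rem    /a applies the operation to files and /s: walks the subfolders.
cipher /e /a /s:"%DIR%"

rem 5. Decrypt one file again (the command-line form of unchecking the box).
cipher /d /a "%DIR%\report.txt"

rem 6. Generate a certificate and key pair for a Data Recovery Agent.
rem    Writes C:\dra-key.cer (certificate only) and C:\dra-key.pfx
rem    (certificate and private key) and prompts for a password for the .pfx.
cipher /r:C:\dra-key

endlocal
```

Keep the .pfx file from step 6 on removable media stored offline, since whoever holds that private key can open every file the recovery agent is assigned to.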
