Using Encrypting File System in Windows Vista - Encrypting Files


About EFS, Certificates and Keys

EFS differs a bit from a similar Vista technology – BitLocker – in that EFS locks down individual files and folders whereas BitLocker encrypts an entire volume. In this article, I will show you how to enable and use EFS on your machine.

Specifically, I will show you how to:

  • Encrypt a file or folder
  • Decrypt a file or folder
  • Back up your encryption certificate and keys

When you first encrypt a file or folder, an encryption certificate is created. The certificate is tied to an encryption key, and together they verify your identity and which files you are able to encrypt and decrypt. It is important to back up your encryption certificate and key in case the existing key or certificate is damaged or lost. Keep the backed-up certificate and key in a safe place – not on your computer! Use a USB key or CD\DVD for the backup. If the certificate and key are lost and you don’t have a backup, you will be unable to decrypt your files.

Encrypting a File or Folder

Encrypting files and folders is a pretty simple process. Just be sure you are logged in as the user who will decrypt and work with these files in the future. Don’t use a temporary account!

  1. Browse to the file or folder you wish to encrypt.
  2. Right click on the file or folder and select Properties.
  3. On the Properties window, click on Advanced.
  4. On the Advanced Attributes window, select “Encrypt contents to secure data”. Click OK.
  5. A window asking you to confirm the change will appear. Select whether to apply the change to only this folder, or this folder plus any sub-folders. Click OK after you’ve made your choice.
  6. If you have a large number of files or folders you’ll be encrypting, please note it may take several minutes to perform the initial encryption. Encrypting a test file and folder on my system took about five seconds. Once the file or folder is encrypted, the title of the folder or file will turn green to signify the encrypted state.
  7. Note that you can interact with the file\folder just as you would an unencrypted folder.

Decrypting a File or Folder

Decrypting files and folders is just the opposite of encrypting them - again a very easy process.

  1. Browse to the file or folder you wish to decrypt.
  2. Right click on the file or folder and select Properties.
  3. On the Properties window, click on Advanced.
  4. On the Advanced Attributes window, clear the “Encrypt contents to secure data” check box. Click OK.
  5. A window asking you to confirm the change will appear. Select whether to apply the change to only this folder, or this folder plus any sub-folders. Click OK after you’ve made your choice.
  6. If you have a large number of files or folders you’ll be decrypting, please note it may take several minutes to perform the operation. Once the file or folder is decrypted, the title of the folder or file will turn back to black to signify the decrypted state.

Backing Up Your Encryption Certificate and Key

If you decide to use EFS, be absolutely sure you’ve created a backup of your certificate and keys. Without these items, you will be unable to open, modify or decrypt your files. As mentioned above, be sure you store this file in a secure location other than the computer on which you are using the encryption. A removable USB key or CD\DVD is recommended.

  1. Open the Certificate Manager by going to the Start menu and typing “certmgr.msc” in the search box.
  2. Browse to Personal, Certificates.
  3. Click the certificate whose intended purpose is shown as EFS.
  4. Right click on the certificate, select All Tasks, Export…
  5. On the Export window, click Next.
  6. When asked if you wish to export your private key, select Yes and click Next.
  7. Make sure Personal Information Exchange is selected and click Next.
  8. Enter a strong password using numbers, letters and symbols. Click Next.
  9. Enter a location and file name for the certificate. Make sure the certificate extension ends with “.cer”.
  10. Click Finish to complete the export.
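
The same tasks can be scripted and verified from a console. The following is an added example, not part of the original article: it uses the built-in cipher.exe plus Windows PowerShell (2.0 or later assumed) to encrypt a folder, check that no file was skipped, confirm an EFS certificate with a private key exists, and back it up. The folder path, drive letter and backup file name are hypothetical.

```powershell
# Added example: assumes Windows PowerShell 2.0 or later and cipher.exe on PATH.
$Folder    = 'C:\Users\Public\EfsDemo'   # hypothetical folder to protect
$BackupDir = 'E:\'                        # hypothetical removable drive
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'     # "Encrypting File System" EKU

function Get-UnencryptedFile([string]$Path) {
    # Files under $Path that lack the NTFS Encrypted attribute.
    Get-ChildItem -LiteralPath $Path -Recurse -Force | Where-Object {
        -not $_.PSIsContainer -and
        -not ($_.Attributes -band [IO.FileAttributes]::Encrypted)
    }
}

function Get-EfsCertificate {
    # Certificates in the Personal store whose EKU list includes EFS.
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $_.Extensions |
            Where-Object { $_ -is [Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            Where-Object { $_.Value -eq $EfsOid }
    }
}

# 1. Encrypt the folder and everything beneath it, then confirm nothing was skipped.
cipher /e "/s:$Folder"
$missed = @(Get-UnencryptedFile $Folder)
if ($missed.Count) {
    Write-Warning "$($missed.Count) file(s) still unencrypted (in use or not on NTFS?):"
    $missed | ForEach-Object { $_.FullName }
}

# 2. Confirm an EFS certificate with a private key exists before relying on it.
$certs = @(Get-EfsCertificate)
$certs | Format-Table Thumbprint, NotAfter, HasPrivateKey -AutoSize
if (-not ($certs | Where-Object { $_.HasPrivateKey })) {
    throw 'No EFS certificate with a private key in Cert:\CurrentUser\My'
}

# 3. Back up certificate and key. cipher prompts for confirmation and a
#    password, and appends .PFX to the file name given here.
$backup = Join-Path $BackupDir 'efs-backup'
cipher /x $backup
if (-not (Test-Path "$backup.PFX")) { Write-Warning 'Backup file was not written.' }

# To reverse step 1: cipher /d "/s:$Folder"
```

Run it as the same user who will later open the files, since both the certificate store and the encryption are per-user.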

Using Vista’s built-in EFS is a quick and powerful way to add an extra layer of protection to your critical files and folders.