The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Encrypting File System (EFS) on Windows 11/10 explained

Download Windows Speedup Tool to fix errors and make PC run faster

The Encrypting File System or EFS Encryption is one of the components of the NTFS file system. It is available on a high range of Windows operating systems. It is supported on Windows 11, Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server editions. There are other Cryptographic file systems available on other operating systems apart from Windows but Microsoft EFS is exclusive only to the Windows Operating Systems. It uses symmetric key encryption with a combination with public key technology to protect files. The file data is then encrypted with a symmetric algorithm called as DESX.

Encrypting File System (EFS)

Encrypting File System EFS

The key used for these kinds of symmetric encryption is called as File Encryption Key (or FEK). This FEK is in return encrypted with a public or a private key algorithm like RSA and stored with the file. The main positive aspect of using two different algorithms is that the speed of encrypting those files. And these increase in speeds of encrypting files helps the users to effectively encrypt large chunks of data. The speed of symmetric algorithms is about 1000x faster than that of the traditional asymmetric encryption techniques.

The process of EFS Encryption

The process is fairly simple yet secure.

Encryption

The first step involves the file itself. Using the Symmetric Key (FEK) the file is encrypted. This is just one aspect of the total encryption.

Now the Symmetric Key (FEK) is encrypted with a public key for the user, and the Encrypted FEK is stored in the Encrypted file’s header. As simple as that.

Decryption

Here, the reverse of encryption is done as the name suggests.

First of all, the Encrypted FEK from the Encrypted File’s Header is fetched and decrypted using the Public Key.

Now, the decrypted FEK is used to decrypt the Encrypted file finally and then the file is made readable to the authorized user.

EFS vs. BitLocker encryption

BitLocker is another technique of encrypting files on Windows just like EFS. This means that Windows provides two methods of encrypting files just on Windows. A user can also encrypt a file twice by encrypting it first with EFS and then with BitLocker or vice versa. This feature makes it 2x more secure than usual.

BitLocker has an image of slowing down the computer when used to encrypt files, but EFS is considered to be far more light-weight. But this difference is not seen much on modern hardware that is available and used more often.

Summing up

EFS encryption encrypts files or folders one by one. Unlike BitLocker that encrypts them together. This also means that when a file is executed, and Windows creates a temporary cache of that file, that temporary cache can be used as a leak to the information and unauthorized access can be taken over by an unintended user. EFS works with NTFS only.

This does not mean that a user should not be using EFS but what this really means is that the user has a choice of encrypting files with a suitable algorithm depending upon what type of data that file stores within it.

We will in the next few days, cover the following topics:

  1. How to encrypt files with EFS Encryption
  2. How to decrypt EFS Encrypted Files and Folders
  3. How to back up your EFS encryption key.

Stay tuned!

AyushVij@TWC

Ayush has been a Windows enthusiast since the day he got his first PC with Windows 98SE. He is an active Windows Insider since Day 1 and has been a Windows Insider MVP.