I often see articles about encrypting files and folders. Most of them rely on installing various software. If your system is WinXP/Win2003/2000, there is no need to go to that trouble: you do not need to install software or perform complex operations, because Windows itself integrates the EFS (Encrypting File System) encryption function, which can encrypt files and folders on an NTFS partition! After encryption, all your files and folders are locked in a safe. Of course, you don't have to worry about security, because it adopts the 56-bit Data Encryption Standard, which no one has been able to crack so far!
1. Encrypting files or folders with EFS
To improve file security, Microsoft introduced EFS encryption technology to NTFS in WinXP/Win2003/2000 (note that Windows XP Home Edition does not support the EFS encrypting file system). EFS encryption is very simple to operate and is transparent to the user who encrypted the files: after the files are encrypted, you do not have to decrypt them manually before using them. Only the user who encrypted a file can open it. Other users who log on to the system cannot open the encrypted file.
1. EFS Encryption
For example, to encrypt the test directory on an NTFS partition with EFS, perform the following operations: in WinXP, click Start/Programs/Accessories and open "Windows Explorer", click "My Computer", open the NTFS partition, right-click the file or folder to be encrypted (such as the test directory), and click "Properties". On the "General" tab, click "Advanced". In the window that appears, select the "Encrypt contents to secure data" check box (1). Click "OK" to exit.
Figure 1
If you are encrypting a folder, a dialog box (2) is displayed. You can choose to encrypt the folder only, or to encrypt the subfolders and files in the directory as well, as needed; click "OK" and then click "Apply".
Figure 2
By default, EFS-encrypted files and folders are shown in a different color in Windows Explorer (3): in Figure 3 the file and folder names are not black but green, which indicates that they have been encrypted with EFS.
Figure 3
The method for encrypting a single file with EFS is similar to the one described above. Now that we have an EFS-encrypted directory (such as test), any file or folder you want to encrypt in the future can simply be moved into this directory, where it will be encrypted automatically.
Tips: Files and folders on a FAT partition cannot be encrypted with EFS. In addition, files marked with the "system" attribute in the Windows system directory cannot be encrypted with EFS.
2. Back up keys in time
EFS encryption is simple, but if you reinstall the system, you will not be able to open the EFS-encrypted files (folders) even if you use the original user name and password. Therefore, you should back up the key in time; that way, even if you reinstall the system, you can still open the encrypted files.
How to back up the key: in WinXP, click "Start"/"Run" and type certmgr.msc to open the Certificate Manager, then click "Personal > Certificates" under "Certificates - Current User". As long as you have encrypted something before, a certificate with the same name will appear in the right window (4). If there are multiple certificates, select the one whose "Intended Purposes" is "Encrypting File System". Right-click the certificate and choose "All Tasks > Export" from the menu, and the "Certificate Export Wizard" window will pop up. In the wizard, select "export the private key", enter a password to protect the private key as the wizard requires, and select the directory where the certificate is to be saved. The certificate (file with the CER suffix) and private key (file with the PFX suffix) are then exported successfully.
Figure 4
With these backup keys (certificate and private key), a single file is all we need in the future to restore access to the encrypted data. If other users obtain your backup key, they can easily decrypt your encrypted files. Therefore, you must keep the backup key safe.
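The backup step above can also be checked from the command line. The following PowerShell script is an added example, not part of the original article: it lists the current user's EFS certificates, warns about any that have no private key, and exports the rest to password-protected PFX files. It assumes a Windows release with PowerShell and the PKI module's Export-PfxCertificate cmdlet (newer than the systems the article covers); `$BackupDir` is a placeholder path.

```powershell
# Added example (not from the original article). Lists the current user's EFS
# certificates, flags those without a private key, and backs up the rest to PFX.
# Assumptions: PowerShell with the PKI module (Export-PfxCertificate);
# $BackupDir is a placeholder path on removable or otherwise offline media.
$BackupDir = 'E:\efs-backup'          # hypothetical destination
$EfsOid    = '1.3.6.1.4.1.311.10.3.4' # Encrypting File System enhanced key usage

function Test-EfsCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) {
                if ($oid.Value -eq $EfsOid) { return $true }
            }
        }
    }
    return $false
}

$efsCerts = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { Test-EfsCertificate $_ })
if ($efsCerts.Count -eq 0) {
    Write-Warning 'No EFS certificate found in the Personal store.'
    return
}

$password = Read-Host -AsSecureString 'Password to protect the exported PFX files'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($cert in $efsCerts) {
    if (-not $cert.HasPrivateKey) {
        # Same situation as a CER-only backup: the certificate alone cannot decrypt.
        Write-Warning "$($cert.Thumbprint): no private key in this profile, cannot be backed up"
        continue
    }
    $pfx = Join-Path $BackupDir "efs-$($cert.Thumbprint).pfx"
    try {
        # Fails if the key was created as non-exportable; report instead of aborting.
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $password -ErrorAction Stop | Out-Null
        Write-Output "Exported $($cert.Subject) (expires $($cert.NotAfter.ToString('yyyy-MM-dd'))) to $pfx"
    } catch {
        Write-Warning "$($cert.Thumbprint): export failed: $($_.Exception.Message)"
    }
}
```

Store the resulting PFX files and their password away from the machine whose files they protect.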
2. Tips for canceling EFS encryption
If you no longer want a file or folder to be encrypted with EFS, you can cancel the encryption as follows: open Windows Explorer, right-click the encrypted file or folder, and click "Properties"; on the "General" tab, click "Advanced". In the window that appears, clear the "Encrypt contents to secure data" check box (5), and then click "OK".
Figure 5
3. How to retrieve EFS encrypted files?
When there is a problem with the system account that encrypted the files, or after the system is reinstalled, the EFS-encrypted files cannot be accessed. Many of my friends have encountered such problems, and similar help posts are everywhere on the Internet. To solve this problem, you can proceed like this:
1. A PFX private key was backed up previously
If you have backed up a PFX private key file before, opening the encrypted files is absolutely not a problem! Find the backed-up PFX private key file, right-click it, and select "Install PFX" in the pop-up menu. The "Certificate Import Wizard" is displayed; enter the password you set when exporting the certificate, and then select "automatically select the certificate store based on the type of certificate". After that, you can access the EFS-encrypted files.
2. A CER certificate was backed up previously
If you have not backed up the PFX private key file before, but backed up the CER certificate, and you have reinstalled the system, there is no way to open the encrypted files. If you have not reinstalled the system, you can proceed like this:
Click Start/Run in the menu and type certmgr.msc to open the Certificate Manager, click "Personal" under "Certificates - Current User", right-click, and select "All Tasks > Import" from the menu that appears. In the "Certificate Import Wizard" window, follow the prompts, click "Browse", select "Personal" (6), and import the certificate into the "Personal" store.
Click "Certificates" under "Personal" on the left. A certificate is displayed in the right window. Right-click the certificate and choose "All Tasks > Renew Certificate with Same Key" (7); after that, you can access the EFS-encrypted files.
Figure 6
Figure 7
Conclusion
Some people say that although EFS encryption is transparent and easy to use, encrypted files often cannot be opened because the private key file was never backed up. If you have not backed up the private key, the EFS-encrypted files cannot be opened after the system is reinstalled. If this happens on a Win2000 system, you can use the recovery agent to decrypt them. That is, you can log on to the system as the Administrator user and then open the encrypted files. If the system is WinXP, there is no way to open the encrypted files, because no software or method can crack EFS encryption. Therefore, you must back up the private key after encryption! As long as you have backed up the PFX private key file, EFS encryption will not go wrong.