Parsing EFS encryption and decryption Based on NTFS and private key export

I,A file encryption method

1. EFS encryption can be used only for NTFS partitions;

2. My computer -- tools -- Folder Options -- View -- Cancel simple file sharing;

3. Right-click the file or folder to be encrypted-properties-advanced-encrypted content to protect data.

Click "OK", return to file properties, and click "application". The "Confirm attribute change" window appears, in "use this application for this folder, subfolders, and files", click "√", and then click "OK" to encrypt the file. In this way, the original and all new files and subfolders in this folder are automatically encrypted .)

4. If you want to cancel encryption, you only need to right-click the folder and deselect the "encrypted content to protect data" check box. OK.

Ii. Faster encryption methods

It is difficult to encrypt the file multiple times by using the above method. In fact, you only need to modify the registry and add the "encryption" and "decryption" options to the right-click menu, you can right-click to complete the operation as needed. Click Start> Run, enter regedit, press enter, open registry editor, and choose [HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Exporer/Advanced]. click "New> DWORD Value" on the "edit" menu, enter EncryptionContextMenu as the key name, and set the key value to "1 ". Exit Registry Editor, open Resource Manager, select any file or folder on an NTFS partition, right-click it, and find the corresponding encryption and decryption options in the right-click menu, click to complete encryption/decryption.

Note:After EFS encryption, you must export the key before reinstalling the system. Otherwise, you cannot access the encrypted file in the new system.

After using EFS encryption in Windows 2000/XP, if you reinstall the system, the previously encrypted file cannot be opened! If you have not backed up the key in advance, the data will never be opened. It can be seen that it is important to back up keys.

Step 1: first, log on with a local account, preferably a user with administrator permissions. Click Start> Run, enter MMC, and press enter to open the Control Panel Interface.

Step 2: click "Control Panel> Add/delete Management Unit" in the control panel, and click "add" in the displayed "Add/delete Management Unit" dialog box, in the "add independent management unit" dialog box, select "certificate" and click "add" to add the unit.

If you are an administrator, You must select the certificate method, select "My User Certificate", click "close", and click "OK" to return to the control panel.

Step 3: Expand "Control Panel root node → certificate → individual → certificate → select account in the right window" on the left, right-click and select "all tasks → export ", the certificate export wizard is displayed"

Step 4: click "Next", select "Yes, export private key", click "Next", and select "if possible" under "Private Information Exchange, add all certificates to the certificate path and enable enhanced protection, and click "Next" to go to the password setting page.

Step 5: Enter the set password, which is very important. once forgotten, the password will never be obtained and the certificate will not be imported in the future. After entering the information, click "Next" and select the location and file name for saving the private key.

Step 6: click "finish" to bring up the "export successful" dialog box, indicating that your certificate and key have been exported successfully. open the path to save the key, you will see an "envelope + key" icon, which is your valuable key! If you lose it, it not only means that you can no longer open your data, but also means that others can easily open your data.

3. Import EFS keys

After the system is reinstalled, we cannot open files encrypted by EFS. Therefore, before reinstalling the system, remember to export the key and then import the backup key to the new system, to obtain permissions.

1. Make sure that you have the right to view the imported key. Otherwise, it is useless to import the key. This must be done during export.

2. Remember the password set during export. It is best to use the same user name as export.

Step 1: double-click the exported key to be the file under the "envelope + key" icon. the "Certificate import wizard" Welcome Page is displayed. Click "Next, confirm the path and key certificate, and then click "Next" to continue.

Step 2: Enter the exported password after the "password, after entering the password, check "enable strong key protection" and "mark this key for export" to ensure next export), and then click "Next" to continue.

Step 3: As prompted, click "Next", click "OK", and click "finish". If "Import successful" is displayed, you have successfully imported the key.

Try to open all the files that could not be opened now?

Iv. Notes

1. the EFS encrypted file cannot be opened. Converting the NTFS partition to the FAT32 partition or logging in with the same username and password or even returning the Ghost to the original system cannot solve the problem, therefore, it is very important to back up and import EFS keys.

2. Windows XP Home Edition does not support the EFS function.

There are many encryption methods. The above content may not be common to you. However, if you encounter such problems, it is not easy to solve them. I hope this article will help you!