Encrypting your data is the best way to keep it safe. If the data on your computer is not encrypted, anyone who manages to get their hands on your computer could also get access to your data, even when they don’t have your password. So it’s crucial that you use some form of encryption to secure your data, especially when you save it on a mobile computer like a laptop you carry and use on a daily basis.
Windows 7 offers a full disk encryption feature, BitLocker, out of the box, but unfortunately it’s only available in the Ultimate and Enterprise editions. Windows 8 is a little better in that the Pro version already comes with it. People who use the other Windows 7 or 8 editions will have to seek alternatives if they want similar disk-wide encryption. TrueCrypt would be an excellent product to consider, but unfortunately, development of this awesome open source project ceased in May 2014.
Both Windows 7 and 8 also have another form of encryption built right into their main disk format, NTFS. EFS, which stands for Encrypting File System, is a feature introduced way back in Windows 2000 that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.
What is required?
As long as your partition is formatted as NTFS and you run Windows 7 Professional or a higher edition, you can use this encryption option to secure your data.
How to use it?
1. Right-click on the folder or file you want to encrypt and go to Properties, which opens the file/folder properties window.
2. Then, click the Advanced… button to open the Advanced Attributes window.
3. Tick the option Encrypt contents to secure data, and hit OK.
4. Done, and rest assured.
Cool tip: you can also use a PowerShell cmdlet to encrypt a specific file or folder through the PowerShell console.
(Get-Item -path 'path\filename').Encrypt()
And use Decrypt() to decrypt EFS-encrypted files.
How to tell if a folder or file is encrypted?
All folders or files that are successfully encrypted will be shown in green.
Back up your encryption certificate with the private key
Because the data is encrypted using your very own Encryption Certificate, it’s crucial that you back this certificate up, together with its private key, to external storage to keep it safe and separate.
Your encryption certificate is created automatically the first time you turn on encryption for a folder or file. It’s recommended that you back it up immediately afterwards and protect the backup with a strong password. Both Windows 7 and 8 have made this very easy to do with an easy-to-follow wizard.
1. Type “Encryption Certificates” in the search box in the Start menu to open the Manage File Encryption Certificates wizard.
2. Follow the wizard to pick the valid certificate and back it up.
If you don’t see a signed certificate in the wizard, you can also create a new one for yourself.
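To check the result without relying on the green colour, and to see which certificate the backup step has to cover, the following PowerShell sketch reads the NTFS Encrypted attribute of every file in a folder and lists the EFS certificates in your personal store. It is an added example, not part of the original article; the folder path is a hypothetical placeholder, and the functions Get-EfsStatus and Get-EfsCertificate are names made up for this example.

```powershell
# Added example (not from the original article). Works in Windows PowerShell 2.0 and later.
$Folder = 'C:\Users\me\Private'       # hypothetical folder that should be EFS-encrypted
$EfsOid = '1.3.6.1.4.1.311.10.3.4'    # Encrypting File System enhanced key usage OID

# One row per file under $Path with the state of its NTFS "Encrypted" attribute.
function Get-EfsStatus {
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, @{ Name = 'Encrypted'; Expression = {
            [bool]($_.Attributes -band [System.IO.FileAttributes]::Encrypted) } }
}

# Certificates in the current user's Personal store whose enhanced key usage includes EFS.
function Get-EfsCertificate {
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $eku -and (($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $EfsOid)
    } | Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey
}

# 1. Report any file that is stored in plain text inside the folder.
$plain = @(Get-EfsStatus -Path $Folder | Where-Object { -not $_.Encrypted })
if ($plain.Count -gt 0) {
    Write-Warning "$($plain.Count) file(s) under $Folder are NOT encrypted:"
    $plain | ForEach-Object { $_.FullName }
} else {
    "Every file under $Folder has the Encrypted attribute set."
}

# 2. Show the EFS certificates that need a backup, and flag missing private keys.
$certs = @(Get-EfsCertificate)
if ($certs.Count -eq 0) {
    Write-Warning 'No EFS certificate found in Cert:\CurrentUser\My.'
}
$certs | Format-Table -AutoSize
foreach ($c in $certs) {
    if (-not $c.HasPrivateKey) {
        Write-Warning "Certificate $($c.Thumbprint) has no private key on this computer."
    }
}
```

A certificate that shows HasPrivateKey as False cannot decrypt your files from this computer, so a backup made from it would not be enough to recover them.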
How to decrypt the folder/file?
That’s easy: simply uncheck the Encrypt contents to secure data option in the Advanced Attributes window, and hit OK.
Which form of encryption does Windows 7 use on EFS?
Windows 7/8 uses AES, the Advanced Encryption Standard, to encrypt the data when using EFS. AES is a form of encryption adopted by the US government in 2001. It’s a more secure form of encryption than its predecessor, DES. EFS also supports a mixed mode operation of ECC and RSA algorithms for backward compatibility.
Using EFS as a wiping tool to wipe clean deleted data
This is another very cool tip and a nice way of using the EFS feature. Windows has a built-in command-line tool called Cipher, designed primarily for encrypting and decrypting data with EFS on drives that use the NTFS file system.
The cool thing about this tool is that with the /w switch you can turn Cipher into a nice data wiping tool that overwrites deleted data in a specified folder on a specified volume. For example, after running the following command, the deleted data in my downloads folder will be overwritten and wiped completely clean.
A few final notes
- Again, EFS is only supported on folders and files saved on an NTFS partition on a computer that runs Windows 7 Professional, Ultimate, or Enterprise edition.
- EFS doesn’t prevent people from seeing the name of a file or what’s in a folder. In other words, even though you have your folder or file encrypted, people can still see the file name and the list of files in the folder. However, when people try to access them on a computer that doesn’t have the right certificate installed, they will get an access denied message.
- Encryption would be removed automatically if the data was moved or copied to a non-encrypted folder or external drive.
- There is much more information about the encryption, but we will save it for another day.
If you have any questions or concerns, please leave them in the comments.