EFS (Encrypting File System): Good Helper to Protect Confidential Data

Jean updated on Aug 25, 2022 to Knowledge Center

What Are EFS and EFS Encryption?

Microsoft Windows introduced the Encrypting File System (EFS) with NTFS 3.0 (New Technology File System). It adds a further layer of security for files and directories, protecting confidential data from attackers. Authorized users open encrypted files just like any other, because encryption and decryption are transparent to them.

EFS combines public key (asymmetric) encryption algorithms with symmetric secret keys, so that files are difficult to decrypt without the correct secret key. Symmetric keys are also much faster than asymmetric keys for encrypting and decrypting the data itself. Which symmetric encryption algorithm is used depends on the operating system version and configuration.

EFS encryption is the process of converting information into secret code. It does not prevent interference by itself, but it denies comprehensible content to potential interceptors.

EFS encryption and decryption are done transparently: a user who encrypts data keeps full access to it without any restrictions. Any other, unauthorized user who attempts to read the encrypted data receives an "Access denied" error message.

Note that the following items cannot be encrypted:

  • Compressed files
  • System files
  • System directories
  • Root directories
  • Transactions

How Does EFS Work?

EFS uses public key technology to encrypt and decrypt files. When a user first requests to encrypt a file, EFS generates an X.509 certificate with a private/public key pair. The private key belongs to the user alone, while the public key is open to everyone.

A folder whose contents are to be encrypted is marked with the "encryption" attribute. The EFS component driver checks this attribute in a way similar to the inheritance of file permissions in NTFS: if a folder is marked as encrypted, all files and subfolders created within it are encrypted by default.

However, there are several circumstances in which a file can be decrypted without the user explicitly asking for it. Usually, when the file is copied to another file system, it remains encrypted. But if the encrypted file is copied over the network using the SMB/CIFS protocol, it is decrypted before being sent over the network. The most reliable way to avoid this situation is to use backup software that supports the "raw data" APIs, so that the encrypted file is not decrypted during the copy process.

How to Encrypt and Decrypt a File with Computers

EFS encryption is based on a public key policy. The encrypted file is created with a File Encryption Key (FEK) and the DESX (extended Data Encryption Standard) algorithm. For daily use, only a few clicks are needed to encrypt and decrypt a file.

Select the file or directory you want to encrypt. First, choose "Properties" to open the properties window, then click the "Advanced" button on the tab; the "Encrypt contents to secure data" option is displayed there. Tick the option and the file is encrypted. Conversely, clearing the "Encrypt contents to secure data" option decrypts the file.
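The same encrypt and decrypt steps can be carried out from PowerShell, which also lets a defender verify the attribute inheritance described above and audit encrypted files before a backup or migration. This is an added example, not code from the original article; it assumes a Windows host with NTFS, the built-in cipher.exe, and a constructed test folder under $env:TEMP.

```powershell
# Added example (not from the original article): exercise EFS on a throw-away
# folder, confirm that new files inherit the encryption attribute, and run the
# checks a defender wants before copying EFS data elsewhere.
$ErrorActionPreference = 'Stop'
$base = Join-Path $env:TEMP 'efs-demo'          # constructed test location
New-Item -ItemType Directory -Path $base -Force | Out-Null

# 1. Mark the folder encrypted (same as ticking "Encrypt contents to secure data").
cipher.exe /E $base | Out-Null

# 2. A file created afterwards inherits the attribute, like NTFS permission inheritance.
$file = Join-Path $base 'secret.txt'
Set-Content -Path $file -Value 'constructed sample content'
$isEncrypted = ((Get-Item $file).Attributes -band [IO.FileAttributes]::Encrypted) -ne 0
"inherited encryption: $isEncrypted"            # True on a working EFS setup

# 3. Show who can decrypt the file and which Data Recovery Agent certificate is listed.
cipher.exe /C $file

# 4. Audit: list every encrypted file under a tree before copying it over SMB
#    or to a non-NTFS volume, where the EFS protection is not preserved.
Get-ChildItem -Path $base -Recurse -File -Attributes Encrypted |
    Select-Object FullName, LastWriteTime

# 5. Locate the user's EFS certificate (EKU 1.3.6.1.4.1.311.10.3.4) so its key can
#    be backed up; if the private key is lost, the data cannot be decrypted.
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.4.1.311.10.3.4' } |
    Select-Object Subject, Thumbprint, NotAfter
# Export certificate plus private key to a PFX for safekeeping (prompts for a password):
#   cipher.exe /X C:\path\to\backup\efs-key

# 6. Decrypt the file (clearing the option in the dialog does the same), then clean up.
(Get-Item $file).Decrypt()
Remove-Item -Path $base -Recurse -Force
```

Run it in the user account whose data you are checking, because EFS keys and the Cert:\CurrentUser store are per user.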


Having gone through the process of encrypting files, we have seen that the most important role of EFS is to help us encrypt files. You should also understand its other benefits, and its disadvantages in some situations.

What Are the EFS Advantages?

  • Lower cost. No additional software needs to be installed, since EFS is integrated with the operating system.
  • Transparent to authorized users. They can open the files without entering passwords.
  • Faster and safer. EFS combines the advantages of symmetric and asymmetric encryption. In addition, the encryption and decryption processes run in kernel mode, and hackers have no way to extract the key from the file.
  • Convenient for administrators. They can recover encrypted files through the EFS data recovery mechanism.

Some Security Problems of EFS

  • Once a user logs in successfully, no additional authentication is required to access their own EFS-encrypted data. Therefore, disclosure of the user's password automatically grants access to that data.
  • Anyone who gains administrator access can override and change the Data Recovery Agent configuration.
  • If a user forgets their password and has not backed up the encryption key, they cannot decrypt the file and will suffer data loss.
