The Microsoft Windows Encrypting File System (EFS) is a native feature that can be used to encrypt and decrypt data.
You can see this feature in the Advanced properties of any file or folder. The attractive aspect of this feature is that you can natively (with no additional software) encrypt and decrypt your data on the fly directly in Windows Explorer with no separate password. While you are logged into your computer you will be able to read the data, but anyone else will not.
There are some serious caveats to using this feature though.
Your data is encrypted with an X.509 certificate stored in the local Windows Certificate Store. That certificate contains your private key used to encrypt and decrypt the data. That key is tied to your Windows credentials, so lose your Windows credentials and you've lost the ability to access your data!
If you use this feature, it is critical that you export your certificate (and private key) to removable media and store it securely. This Microsoft Knowledge Base article (Best practices for the Encrypting File System) explains how to do that.
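One way to script that backup is sketched below. It is an added example, not taken from the Microsoft article: it finds the current user's certificates that carry the Encrypting File System usage and exports each one, with its private key, to a password-protected PFX file. It assumes a Windows version whose PKI module provides `Export-PfxCertificate`; the `E:\efs-backup` destination is a hypothetical removable-media path.

```powershell
# Added example: back up the current user's EFS certificate(s) with private key.
param(
    [string]$BackupDir = 'E:\efs-backup'   # hypothetical removable-media path
)

$EfsOid = '1.3.6.1.4.1.311.10.3.4'         # Encrypting File System enhanced key usage

# Select certificates in the personal store whose EKU extension lists the EFS usage.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $eku = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsOid })
}

if (-not $efsCerts) {
    Write-Warning 'No EFS certificate found for this user; nothing to back up.'
    return
}

if (-not (Test-Path $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

# The PFX contains the private key, so it must be protected by a password.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'

foreach ($cert in $efsCerts) {
    if (-not $cert.HasPrivateKey) {
        # A certificate without its private key cannot decrypt anything.
        Write-Warning "$($cert.Thumbprint): no private key in this store; skipped."
        continue
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        # Older files may still be encrypted to an expired certificate.
        Write-Warning "$($cert.Thumbprint): expired, exporting anyway."
    }
    $target = Join-Path $BackupDir "efs-$($cert.Thumbprint).pfx"
    try {
        Export-PfxCertificate -Cert $cert -FilePath $target `
            -Password $pfxPassword -ErrorAction Stop | Out-Null
        Write-Output "Exported $($cert.Subject) to $target"
    } catch {
        # Typically raised when the key was created as non-exportable.
        Write-Warning "$($cert.Thumbprint): export failed: $($_.Exception.Message)"
    }
}
```

The built-in `cipher /x` command produces the same kind of PFX backup interactively. Whichever method you use, store the PFX and its password separately.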
Feature Notes
- When you create a new file in an encrypted folder, that file is automatically encrypted.
- Unauthorized users can still view the contents of the folder (i.e. the directory listing).
Key Feature Notes
- Only available in the Professional versions of Windows XP and Windows Vista.
- Only available on NTFS file systems.
- You can encrypt files so that multiple users have access to them. Multiple-user access is not supported on Windows 2000 or Windows XP.