What is EFS and EFS Encryption?

Microsoft introduced the Encrypting File System (EFS) with NTFS 3.0 (the version of the New Technology File System that shipped with Windows 2000) to protect files and directories at rest: a file's contents are stored encrypted on disk, so anyone who obtains the disk or the file without the matching key cannot read them. Encryption and decryption are transparent to the user, who opens encrypted files exactly as they would regular ones.

EFS combines public key cryptography with symmetric keys. The contents of each file are encrypted with a symmetric key, because symmetric algorithms are far faster than asymmetric ones on bulk data, and that symmetric key is in turn protected with the user's public key, so only a holder of the matching private key can recover it and decrypt the file. The symmetric algorithm depends on the Windows version and configuration: Windows 2000 used DESX, Windows XP added 3DES as an option, and AES-256 has been the default since Windows XP SP1.

Encryption transforms information into a form that only holders of the correct key can read. It does not prevent interference with the data (an encrypted file can still be deleted or overwritten by anyone who holds the NTFS permissions to do so), but it denies would-be eavesdroppers the ability to understand its content.

EFS encryption and decryption happen transparently: the user who encrypted a file keeps full access to it with no extra steps. Any other user who tries to read the file, including an administrator who has not been configured as a recovery agent, receives an "Access is denied" error message.
Please note that the following items cannot be encrypted with EFS:

    • Files compressed with NTFS compression (compression and EFS encryption are mutually exclusive; enabling one clears the other)
    • Files that carry the System attribute
    • System directories
    • The root directory of a volume
    • Files that are part of an NTFS transaction (Transactional NTFS)

How does the Encrypting File System (EFS) work?

The Encrypting File System (EFS) uses public key technology to protect the keys that encrypt files. The first time a user encrypts a file, EFS obtains an EFS certificate for that user (issued by an enterprise certification authority if one is available, otherwise self-signed) and stores the matching private key in the user's profile, where it is protected by DPAPI and therefore by the user's logon credential. For each file, EFS generates a random symmetric File Encryption Key (FEK), encrypts the file contents with it, and then encrypts the FEK with the user's public key. The encrypted FEK is stored with the file in the Data Decryption Field (DDF); if a Data Recovery Agent (DRA) is configured, a second copy encrypted with the DRA's public key is stored in the Data Recovery Field (DRF). Only a holder of one of the corresponding private keys can recover the FEK and read the file, which is what keeps the data secure.

Files and folders that contain encrypted content carry the "encrypted" attribute. The EFS driver applies this attribute much like NTFS inherits permissions: if a folder is marked as encrypted, every file and subfolder created within it is encrypted by default.

There are, however, several ways a file can end up decrypted without the user explicitly asking for it. Copying or moving an encrypted file to another NTFS volume keeps it encrypted, but copying it to a file system that cannot store EFS metadata, such as FAT32 or exFAT, writes the plaintext, because the copy is performed on behalf of a user who can decrypt it. When an encrypted file is copied to a network share over the SMB/CIFS protocol, it is decrypted on the client and sent in clear over the network unless the transport itself is encrypted. The most effective way to avoid this is to use backup software that uses the "raw" EFS APIs (OpenEncryptedFileRaw, ReadEncryptedFileRaw and WriteEncryptedFileRaw), which copy the ciphertext together with its key fields as an opaque stream, so the file never exists in clear during the copy.

How to Encrypt and Decrypt Files on Your Computer

EFS encryption is governed by public key policy. A file's contents are encrypted with its FEK using the configured symmetric algorithm (originally DESX, an extended variant of the Data Encryption Standard; AES-256 on current versions). For everyday use, files can be encrypted and decrypted with just a few clicks.

Right-click the file or folder you want to encrypt and select "Properties". On the General tab, click the "Advanced" button in the Attributes section; the Advanced Attributes dialog offers the option "Encrypt contents to secure data". Check this box to encrypt the item, or clear it to decrypt it. When you encrypt a folder, Windows asks whether to apply the change to the folder only or to its files and subfolders as well.
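The same procedure from the command line, together with the key-field and copy behaviour described in the previous section. This is an added example written for this article, not code from Microsoft or from the original page: it uses cipher.exe and the FileAttributes flag that the Explorer checkbox sets. The demo paths, the sample file content and the removable drive letter E: are assumptions you will need to adjust.

```powershell
# Added example: EFS round trip in PowerShell. Run on an NTFS volume as the user
# who will own the files. All paths and the drive letter E: are assumptions.
$Folder = Join-Path $env:USERPROFILE 'EfsDemo'
$File   = Join-Path $Folder 'secret.txt'
New-Item -ItemType Directory -Path $Folder -Force | Out-Null

function Test-EfsEncrypted {
    # True when the NTFS "encrypted" attribute (FILE_ATTRIBUTE_ENCRYPTED) is set on the item.
    param([Parameter(Mandatory)][string]$Path)
    $attr = (Get-Item -LiteralPath $Path -Force).Attributes
    return (($attr -band [System.IO.FileAttributes]::Encrypted) -ne 0)
}

# 1. Mark the folder encrypted (same as ticking "Encrypt contents to secure data" on it).
cipher.exe /e $Folder | Out-Null

# 2. A file created inside inherits the attribute; no explicit encrypt call is needed.
Set-Content -LiteralPath $File -Value 'constructed sample secret'
"folder encrypted: $(Test-EfsEncrypted $Folder)"   # True
"file encrypted:   $(Test-EfsEncrypted $File)"     # True

# 3. Inspect the key fields: cipher /c lists the user certificates that can decrypt
#    the file (the DDF) and any recovery agent certificates (the DRF).
cipher.exe /c $File

# 4. Copying to a file system without EFS support silently produces plaintext.
#    E: is assumed to be a FAT32 or exFAT removable drive; the step is skipped otherwise.
$Removable = 'E:\secret-copy.txt'
$vol = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='E:'"
if ($vol -and $vol.FileSystem -ne 'NTFS') {
    Copy-Item -LiteralPath $File -Destination $Removable
    "copy on $($vol.FileSystem) encrypted: $(Test-EfsEncrypted $Removable)"   # False
    Remove-Item -LiteralPath $Removable
}

# 5. Copying to another NTFS location keeps the ciphertext and the key fields
#    (this assumes %TEMP% is on the NTFS system drive).
$NtfsCopy = Join-Path $env:TEMP 'secret-copy.txt'
Copy-Item -LiteralPath $File -Destination $NtfsCopy
"copy on NTFS encrypted: $(Test-EfsEncrypted $NtfsCopy)"   # True
Remove-Item -LiteralPath $NtfsCopy

# 6. Decrypt explicitly (same as clearing the checkbox): /d with /s: walks the folder
#    and everything below it, so the folder itself no longer encrypts new files.
cipher.exe /d "/s:$Folder" | Out-Null
"file encrypted after cipher /d: $(Test-EfsEncrypted $File)"   # False
```

Step 4 is the point to watch in audits: the copy succeeds without any warning, and the only evidence is the missing attribute on the destination. Step 3 is also the quickest way to confirm whether a Data Recovery Agent's certificate was actually applied to a given file.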

(Screenshots in the original: the Advanced Attributes dialog, and the prompt to select which content to encrypt.)

Having walked through the encryption process, it is clear that the main role of EFS is to encrypt files for us. Beyond that, it is worth knowing its advantages and its drawbacks in certain situations.

What are the advantages of EFS?

    • Saves costs. No additional software needs to be installed since EFS is integrated into the operating system.
    • Transparent for authorized users. They open files without entering an extra password; their Windows logon unlocks the key.
    • Fast and reasonably secure. It combines the speed of symmetric encryption with the key management of asymmetric encryption. The file encryption key is never stored on disk in clear, and the user's private key is protected by DPAPI, so an attacker who only obtains the disk must still recover the user's password or a recovery agent's key.
    • Convenient for administrators. They can recover encrypted files through EFS's data recovery mechanism, provided a Data Recovery Agent was configured before the files were encrypted.

Some Security Issues with EFS

    • Once logged in, users access their EFS-encrypted data without any additional authentication, so if a user's password is compromised, their data is exposed with it.
    • Anyone who gains administrative privileges can change the Data Recovery Agent policy. The change applies to files encrypted or re-encrypted afterwards (existing files keep their old recovery field until they are re-encrypted), and a rogue DRA certificate gives its holder access to everything encrypted from then on.
    • If a user forgets their password and has not backed up their encryption key, files cannot be decrypted, resulting in data loss. The same happens when an administrator resets a local user's password, because the reset invalidates the DPAPI master key that protects the user's EFS private key.
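One mitigation for the last issue, as an added example that is not part of the original article: locate the EFS certificates the current user holds, export each with its private key to a password-protected PFX, and verify the backup can actually be opened before relying on it. The backup directory is an assumption; on a real machine it should be removable media or another location not tied to the same profile, since a key protected by the same DPAPI master key is lost together with it. EFS certificates are identified by the "Encrypting File System" extended key usage, OID 1.3.6.1.4.1.311.10.3.4.

```powershell
# Added example: back up the current user's EFS certificate(s) and private key(s).
# $BackupDir is an assumption; point it at removable media, not the same user profile.
$BackupDir = 'E:\efs-key-backup'
$EfsEku    = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" extended key usage

function Get-EfsCertificate {
    # Certificates in the user's personal store that EFS can use: they carry the
    # EFS EKU and have a private key accessible to this user.
    Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object {
            $_.HasPrivateKey -and
            ($_.EnhancedKeyUsageList | Where-Object ObjectId -eq $EfsEku)
        }
}

function Backup-EfsCertificate {
    param(
        [Parameter(Mandatory)][string]$Directory,
        [Parameter(Mandatory)][securestring]$Password
    )
    New-Item -ItemType Directory -Path $Directory -Force | Out-Null
    foreach ($cert in Get-EfsCertificate) {
        $pfx = Join-Path $Directory ("efs-{0}.pfx" -f $cert.Thumbprint)

        # Export-PfxCertificate (PKI module) writes the certificate and its private key.
        # The built-in alternative is cipher.exe /x:<file>, which prompts for the password.
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $Password | Out-Null

        # Verify the PFX opens with the password and still carries the private key.
        # A backup that cannot be opened is no backup at all.
        $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfx, $Password)
        if ($check.Thumbprint -ne $cert.Thumbprint -or -not $check.HasPrivateKey) {
            throw "Backup verification failed for $pfx"
        }

        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Backup     = $pfx
        }
    }
}

$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Backup-EfsCertificate -Directory $BackupDir -Password $pfxPassword | Format-Table -AutoSize
```

Compare the Thumbprint column with the output of cipher /c on an encrypted file: the thumbprint listed there is the certificate whose private key can open that file, so a match confirms the right key has been backed up. Store the PFX password separately from the media; whoever holds both can decrypt every file this key protects, regardless of NTFS permissions.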