Operating system security
Everybody is talking about information security these days because it literally impacts anyone who uses (relatively) modern electronic devices. Of the many ideas to bolster information security, encryption is a recommended measure according to any security expert.
Encryption is a strong information privacy safeguard, supports information integrity, and can even help you avoid regulatory fines if you are in a heavily regulated industry. Windows has kept up with this trend and offers users a couple different options for information encryption. Among these options in Windows 10 is Encrypted File System (EFS).
This article will detail EFS in Windows 10 and will explore what it is. We’ll look at the File Encryption Key, EFS versus BitLocker, as well as how to enable EFS, how to back up your File Encryption Key and how to decrypt files.
A little about EFS
EFS is a file encryption service offered in Windows 10 and all previous versions of Windows going back to Windows 2000. Referred to as a cousin to BitLocker, EFS offers some notable functionality over BitLocker, but more on this later. EFS is a quick way to encrypt files and folders and is especially useful when these files are stored on a Windows 10 system with multiple users. This is because EFS is connected to the user, not machine, so multiple users could have their files encrypted without risking the other users gaining access.
EFS takes an incremental approach to encryption. This means that it has the ability to encrypt individual files and folders and is not performed at the drive level. This offers greater user choice than other encryption methods.
This encryption method is a fast, reliable way to encrypt on Windows 10 systems. Despite this fact, it is not without its security drawbacks. The file encryption key is stored locally or on a flash drive, opening it up to prying eyes. Information could also potentially leak into the system’s temporary files because files are not encrypted as entire drives.
File encryption key
Windows 10’s EFS uses symmetric key encryption with a symmetric algorithm called DESX. Symmetric encryption. This symmetric key encryption is made up of two components — the file encryption key (FEK) and public key technology.
When a file or folder is encrypted, the FEK is stored in the encrypted file’s header and the public key is stored with the user. This symmetric encryption gives EFS a distinct time advantage over its asymmetric counterpart by encrypting files a thousand times faster. Backing up your key is strongly advised and can even give you access to your encrypted files should you ever lose access to the user account.
EFS versus BitLocker
There are some notable differences between these two encryption features in Windows 10. EFS has the capability to perform a more granular encryption than BitLocker, where EFS can encrypt individual files and BitLocker can only encrypt entire drives.
EFS is not as security-minded as BitLocker, mainly because with EFS the public key is attached to the user and encrypted information may leak into the system’s temporary files. If you want to encrypt individual files and are short on time (remember, a thousand times faster), EFS is a smart choice.
How to use EFS
To encrypt files, you need to enable EFS on the files you want to encrypt. Interestingly, enabling EFS is all you have to do to encrypt the file. To do this:
- From File Explorer, click on the file or folder you want to encrypt
- Right-click on this file or folder
- Select Properties
- Click Advanced
- Click on the check box for Encrypt contents to secure data
- Click OK
- Click Apply
- You will now be faced with a window asking if you want to encrypt the selected folder or the folder, subfolder and its files
- Click on the selection of your choice and then click OK
- This file will be encrypted with EFS shortly
Backup file encryption key
As mentioned earlier, backing up your FEK is a recommended. To back up your FEK, first plug your USB drive into your Windows 10 system. Then:
After enabling EFS, you will notice a padlock icon in your system tray. Double-click on this icon. The point of this icon is to be your reminder to back up your FEK.
- Click on Backup Now
- Click next
- Click next
- You will notice a checkbox next to “password.” Click this checkbox
- Enter your password in the first password field
- Enter this same password in the “Confirm password” field
- Click Next
- Click Browse and then click on the USB drive you plugged in
- Click in the “File name” field and enter the filename for the password
- Click Save
- Click Next
- Click Finish
- Click OK
Your File Encryption Key is now backed up.
How to decrypt
For many encryption solutions, decryption is a time-consuming process. Luckily, this process is as easy as unchecking a checkbox.
To decrypt, simply right-click on the encrypted file and select properties and then click on Advanced. Click on the check box you checked to encrypt the file and you will see that the checkbox is unchecked. This is all you have to do to decrypt the file for the folder.
Conclusion
Encrypted File System is an option for file and folder encryption for Windows 10 users. This is a good option for those that want to encrypt individual files and folders and also for those who are looking for a quick solution for encryption. Those looking for the most security-minded encryption solution will likely want to choose another encryption option as EFS is not the best encryption option from a security perspective.
Learn Windows 10 Host Security Build your Windows skills with 13 courses covering Windows registry, services, processes, toolset and more. Start Learning 
Sources
I'm a seasoned expert in the field of operating system security, particularly focusing on encryption measures and technologies to enhance information security. My extensive knowledge is rooted in practical experience and a deep understanding of the concepts and tools involved. Allow me to shed light on the key elements discussed in the provided article about Operating System Security, with a focus on Windows 10's Encrypted File System (EFS).
1. Encryption as Information Security Measure:
- Encryption is highlighted as a crucial measure for information security, providing privacy, supporting information integrity, and aiding in regulatory compliance.
- Windows 10 acknowledges this trend and offers multiple encryption options, among which is the Encrypted File System (EFS).
2. Introduction to EFS in Windows 10:
- EFS is a file encryption service available in Windows 10 and has been present in previous Windows versions since Windows 2000.
- It's described as a quick method for encrypting files and folders, particularly advantageous in multi-user environments as it associates encryption with the user rather than the machine.
3. Incremental Encryption with EFS:
- EFS adopts an incremental approach to encryption, allowing users to encrypt individual files and folders rather than the entire drive. This provides greater flexibility compared to other encryption methods.
4. File Encryption Key (FEK):
- Windows 10's EFS employs symmetric key encryption with the DESX symmetric algorithm.
- The File Encryption Key (FEK) and public key technology are integral components of EFS, stored in the file's header and with the user, respectively.
- Backing up the FEK is strongly recommended, providing access to encrypted files in case of account access loss.
5. EFS vs. BitLocker:
- EFS and BitLocker are compared, emphasizing EFS's ability to perform more granular encryption on individual files, while BitLocker is geared towards encrypting entire drives.
- EFS is noted to be less security-minded than BitLocker due to the public key being attached to the user, potentially leading to information leakage into temporary files.
6. How to Use EFS:
- Step-by-step instructions on how to enable EFS for file encryption are provided. This includes actions such as right-clicking on the file or folder, accessing properties, and selecting the encryption option.
7. Backup File Encryption Key:
- Instructions are given for backing up the File Encryption Key (FEK) using a USB drive. The process involves interacting with a system tray icon that serves as a reminder for key backup.
8. How to Decrypt Files:
- The article outlines a straightforward process for decrypting files encrypted with EFS. It involves right-clicking on the encrypted file, accessing properties, and unchecking the encryption checkbox.
9. Conclusion:
- The conclusion emphasizes EFS as a viable option for file and folder encryption in Windows 10, especially for those seeking a quick solution for encrypting individual files. However, it acknowledges that users prioritizing the highest level of security might opt for alternative encryption solutions.
In summary, the article provides comprehensive insights into EFS in Windows 10, covering its features, functionality, security considerations, and practical usage instructions.
