The Encrypting File System (EFS) is a feature of NTFS (New Technology File System) found on various versions of Microsoft Windows. EFS facilitates the transparent encryption and decryption of files by using complex, standard cryptographic algorithms.
EFS uses these cryptographic algorithms as a security countermeasure, so that only the intended recipient can read the encrypted data. EFS uses both symmetric and asymmetric keys during the encryption process, but it does not protect data in transmission. Rather, it protects data files stored within the system. Even if someone has access to a given computer, whether authorized or not, NTFS permissions alone cannot unlock EFS-encrypted files without the secret key.
EFS is a transparent public key encryption technology. NTFS permissions allow or deny user access to files and folders in various Windows operating systems (OS), including XP (excluding XP Home Edition).
Key features of EFS are as follows:
- The EFS developers remind users that once a folder is marked as encrypted, all files in that folder are also encrypted, including files added to that folder in the future. A custom setting for encrypting “this file only” is also available.
- The file’s encryption feature may be removed by clearing a check box in the file properties.
- Encryption passwords are identity specific, so it is important for employees to avoid sharing their passwords, and equally important that users remember them.
- The encryption process is easy. Select the checkbox in the file or folder’s properties to turn on the encryption.
- Although it is used by many organizations, EFS must be handled with caution and knowledge, to avoid encrypting content that should be transparent rather than secure.
- The EFS offers control over who can read the files.
- Files selected for encryption are encrypted once they are closed, but are automatically ready to use once opened.
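
The folder-level and "this file only" settings described in the list above can be reviewed from PowerShell. The script below is an added example, not part of the original page: it inventories the NTFS `Encrypted` attribute under a directory tree so an administrator can see which folders pass encryption on to new files and which files were encrypted individually. The `$Root` path and the `Test-Encrypted` helper name are assumptions chosen for illustration.

```powershell
# Added example: inventory EFS state under a directory tree.
# $Root is an assumed sample path; point it at the tree you want to review.
param(
    [string]$Root = 'C:\Data'
)

$Encrypted = [System.IO.FileAttributes]::Encrypted

# Hypothetical helper: true when the item carries the NTFS Encrypted attribute.
function Test-Encrypted {
    param([System.IO.FileSystemInfo]$Item)
    return ($Item.Attributes -band $Encrypted) -eq $Encrypted
}

$report = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $isEncrypted = Test-Encrypted $_

        # Containing folder: DirectoryInfo exposes .Parent, FileInfo exposes .Directory.
        if ($_.PSIsContainer) { $parent = $_.Parent } else { $parent = $_.Directory }
        $parentEncrypted = $false
        if ($parent) { $parentEncrypted = Test-Encrypted $parent }

        if ($_.PSIsContainer -and $isEncrypted) {
            # New files created in this folder will be encrypted.
            $state = 'Folder marked encrypted'
        } elseif ($_.PSIsContainer) {
            $state = 'Not encrypted'
        } elseif ($isEncrypted -and $parentEncrypted) {
            $state = 'Encrypted file in encrypted folder'
        } elseif ($isEncrypted) {
            # Matches the "this file only" choice: the folder itself is not marked.
            $state = 'Encrypted individually'
        } elseif ($parentEncrypted) {
            # Worth reviewing: the folder is marked but this file is readable as-is.
            $state = 'Unencrypted file in encrypted folder'
        } else {
            $state = 'Not encrypted'
        }

        [pscustomobject]@{ State = $state; Path = $_.FullName }
    }

# Show only the items where EFS is involved, grouped by state.
$report |
    Where-Object { $_.State -ne 'Not encrypted' } |
    Sort-Object State, Path |
    Format-Table -AutoSize
```

Run it under an account that can list the tree; items it cannot enumerate are skipped silently because of `-ErrorAction SilentlyContinue`.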