Encryption is the process of converting data into a format that cannot be read by others. You can use EFS to automatically encrypt your data when it is stored on the hard disk. You can encrypt files only on volumes that are formatted with the NTFS file system. EFS, the Encrypted File System, is a feature native to Windows XP that can be used to encrypt (or encode) sensitive files so that only you are able to see and access them. Encryption is the strongest form of protection that Windows provides. The EFS feature is not included in Microsoft Windows XP Home Edition. EFS does support file sharing between multiple users on a single file.
The use of EFS file sharing in Windows XP provides another opportunity for data recovery by adding additional users to an encrypted file. Although the use of additional users cannot be enforced through policy or other means, it is a useful and easy method for enabling recovery of encrypted files by multiple users without actually using groups, and without sharing private keys between users.
How to Encrypt a File
You can encrypt files only on volumes that are formatted with the NTFS file system. To encrypt a file:
- Click Start, point to All Programs, point to Accessories, and then click Windows Explorer.
- Locate the file that you want, right-click the file, and then click Properties.
- On the General tab, click Advanced.
- Under Compress or Encrypt attributes, select the Encrypt contents to secure data check box, and then click OK.
- Click OK. If the file is located in an unencrypted folder, you receive an Encryption Warning dialog box. Use one of the following steps:
  - If you want to encrypt only the file, click Encrypt the file only, and then click OK.
  - If you want to encrypt the file and the folder in which it is located, click Encrypt the file and the parent folder, and then click OK.
To keep your encrypted files and folders secure, you need to apply several strict conditions:
- Your computer must use the NTFS file system.
- You need a strong user password.
- Always set the BIOS to require a password and then disable the floppy disk/CD boot option. This prevents someone from using a utility like NTFSDOS to read files without having to provide a username and password.
- Rather than encrypt individual files, you should encrypt folders like the My Documents folder.
- To ensure temporary files are encrypted, also encrypt the %TEMP% and %TMP% folders.
- Never copy encrypted files to a FAT volume (including floppy disk) or to an NTFS volume running Windows NT; otherwise the files will be decrypted.
- You should back up your personal encryption certificate (and recovery agent certificate) to removable media (USB/floppy/CD) and store it in a secure location.
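
The folder-level items in the checklist above can also be applied from a command prompt with the built-in cipher.exe tool. The script below is an added example, not part of the original article. It assumes the default "My Documents" location on the system drive, that E:\ is the removable drive, and that the installed cipher.exe supports the /x switch.

```batch
@echo off
rem Added example: command-line form of the EFS checklist, using cipher.exe.
rem Assumed values (adjust to your system):
rem   DOCS   - default "My Documents" folder on the system drive
rem   BACKUP - file name (without extension) on removable media
setlocal
set "DOCS=%USERPROFILE%\My Documents"
set "BACKUP=E:\efs-backup"

rem 1. EFS works only on NTFS. On Windows XP, fsutil needs an administrator account.
fsutil fsinfo volumeinfo %SystemDrive%\ | find /i "NTFS" >nul
if errorlevel 1 (
    echo %SystemDrive% is not NTFS, so EFS cannot be used on this volume.
    exit /b 1
)

rem 2. Encrypt whole folders rather than single files, including the
rem    temporary folders. /s: recurses into subfolders, /a also encrypts the
rem    files already there, /i continues past files that are currently in use.
for %%D in ("%DOCS%" "%TEMP%" "%TMP%") do (
    if exist "%%~D\" (
        echo Encrypting %%~D
        cipher /e /a /i /s:"%%~D"
    )
)

rem 3. Show the resulting state: "E" marks encrypted entries, "U" unencrypted.
cipher "%DOCS%"

rem 4. Back up the current user's EFS certificate and private key.
rem    cipher prompts for confirmation and for a password that protects
rem    the resulting .PFX file. Store the media in a secure location.
cipher /x "%BACKUP%"

endlocal
```

Once a folder is marked encrypted, new files created in it are encrypted automatically, which is why the checklist prefers folders over individual files.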