Encrypting File System (EFS)
Definition - What does Encrypting File System (EFS) mean?
An Encrypting File System (EFS) is a functionality of the New Technology File System (NTFS) found on various versions of Microsoft Windows. EFS facilitates the transparent encryption and decryption of files by making use of complex, standard cryptographic algorithms.
The cryptographic algorithms are used in EFS to provide useful security countermeasures, whereby only the intended recipient can decipher the cryptography. EFS uses symmetric and asymmetric keys during the encryption process, but it does not protect data transmissions. Rather, it protects data files within systems. Even if someone has access to a certain computer, whether authorized or not, he still cannot unlock the EFS cryptography without the secret key.
Techopedia explains Encrypting File System (EFS)
EFS is actually a transparent public key encryption technology that operates with NTFS permissions to allow or deny user access to files and folders in various Windows operating systems (OS), including NT (excluding NT4), 2000 and XP (excluding XP Home Edition).
Key EFS features are as follows:
- The encryption process is easy. Select the check-box in the file or folder's properties to turn on the encryption.
- EFS offers control over who can read the files.
- Files selected for encryption are encrypted once they are closed but are automatically ready to use once opened.
- The file's encryption feature may be removed by clearing the check-box in the file properties.
Although used by many organizations, EFS must be handled with caution and knowledge, to avoid encrypting content that should be transparent, rather than secure. This is compounded by the fact that it may be difficult to decrypt data content that was not meant to be encrypted in the first place.
EFS developers remind users that once a folder is marked encrypted, all files contained in that folder are encrypted as well, including future files transported to that particular folder. However, a custom setting for encrypting “this file only” is available.
Encryption passwords are identity specific, so it is important for employees to avoid sharing passwords and equally important that users remember their passwords.