Windows Desktop File Encryption with EFS
Beware that any encryption can result in irretrievable loss of data if the keys/passwords are misplaced or destroyed; consult a qualified system administrator if you feel you need assistance.
Introduction
The Microsoft Windows Encrypting File System (EFS), available on Windows 2000 and Windows XP Professional computers with NTFS-formatted volumes, lets a user encrypt designated files or folders on the local computer for added protection. EFS is not available on non-Microsoft operating systems. When a file is encrypted, EFS automatically decrypts it when it is opened and re-encrypts it when it is saved. No one can read these files except the user who encrypted the file and any users or recovery agents that user has explicitly given access to (see EFS File Sharing and Data Recovery below). Since the encryption mechanism is built into the NTFS file system, the operation is transparent to the user.
EFS is particularly useful for protecting data on a computer that might be physically stolen, such as a laptop. You can configure EFS on laptops to ensure that all business information in users' document folders is encrypted. The encryption protects the information even if someone bypasses NTFS permissions and uses low-level disk utilities to read the disk directly. On the other hand, EFS has shortcomings that follow from its reliance on Windows user accounts, and its behaviour is inconsistent once an encrypted file leaves the local computer. For example, an attack can be mounted against a weakly protected user account (a guessable password, say), and if it succeeds the attacker can log on as that user and read the files anyway. Of paramount importance is awareness that files lose their EFS encryption when sent via email, moved across a network via shared folders, or moved to a non-NTFS drive (like the small USB flash drives or floppies formatted with FAT instead of NTFS). In the latter case, fortunately, Windows XP presents a warning that the file will be decrypted if you proceed. The file must be on an NTFS-formatted drive to stay encrypted. As a general rule, you should be fine as long as the encrypted file stays on a computer with an NTFS disk drive, which all Windows XP PCs are shipped with by default. The minute you start moving files off your computer is when you should be aware of these caveats. For more information, see the next section, File Operations in Shared and Standalone Environments, which details them.
You encrypt/decrypt a file or folder by setting the encryption property for files and folders just as you set any other attribute such as read-only, compressed, or hidden. The folder method is the easiest way to implement EFS. If you encrypt a folder, all files and subfolders created in the folder are automatically encrypted. When you move, copy, or save a file in the encrypted folder, the file is automatically encrypted. Encrypting a folder or file does not protect against deletion or listing of files or directories. Anyone with the appropriate folder permissions can delete or list encrypted folders or files.
On Windows XP, once you have encrypted a file you may give additional local or domain users access to that encrypted file. This EFS file sharing feature lets you add users on a per-file basis so that they can decrypt and encrypt the file. When you encrypt a folder, the encryption attribute is applied to the folder, and users with access to the folder can also encrypt and decrypt their own files inside it. However, they cannot open each other's encrypted files unless they explicitly give each other EFS file share access to those files. For example, if John and Mary both have access to a folder and John encrypts it, then John and Mary can each encrypt files within the folder, but they will not have access to each other's encrypted files unless those files have EFS file sharing assigned to both users.
Step-by-step instructions on how to encrypt a file are in the section How to Encrypt a File of this document below.
File Operations in Shared and Standalone Environments
EFS is primarily intended for protecting user files on the local disk of a standalone computer with the NTFS file system (not FAT), although EFS has since been extended to work in a Microsoft domain and Active Directory enterprise environment. As of this writing, EFS on a server environment with shared folders has many shortcomings unless all workstations and servers are deployed in a cohesive Microsoft Active Directory platform with a PKI (Public Key Infrastructure). As you move away from the local desktop model to one that includes sharing files on network folders, sending emails with encrypted files, or copying and moving encrypted files to non-NTFS drives, there are numerous exceptions and special conditions to be aware of.
In general, encrypted files and folders can be renamed, copied, moved, or deleted. Renaming never causes decryption, but moving or copying a file or folder can. As long as you stay away from the command line, the results are consistent. The effect of moving or copying encrypted files and folders depends on whether the source and target are local or remote. If uncertain, make sure the file name stays green in Explorer (meaning the encryption attribute is still set).
- Email Attachments: When you send an encrypted file as an email attachment, the attachment will be sent and received decrypted.
- Local Encrypted File Operations: Encrypted files and folders retain their encryption after being copied or moved to a local volume, whether you use My Computer, Explorer, or command-line tools, provided the target volume uses the version of NTFS found in Windows 2000 or later (including XP). Otherwise the encrypted files are written as plaintext and encrypted folders lose the encryption attribute. Note that most floppy disks and small USB drives are FAT, not NTFS, so your encrypted files will be decrypted when copied to them.
- Local Plaintext (Non-Encrypted) File Operations:
- When plaintext files are copied to an encrypted folder on a local NTFS volume, they are encrypted, whether you use Explorer or My Computer or the command-line copy and xcopy commands. The command-line move command is the exception.
- When plaintext files are moved with the command-line move command to an encrypted folder on a local NTFS volume, the result depends on the volume: if the target folder is on the same volume, the file is not encrypted, because move simply renames the file in place. If the target is an encrypted folder on a different local volume, the file is written anew and is encrypted. (Verified by Stanford U Security, 04/07/2006)
- Remote File Operations: When encrypted files or folders are copied or moved to or from a network file share on a remote computer, the files are decrypted locally, transmitted in plaintext, and then re-encrypted on the target volume "if possible". The exceptions are when both the source and target are WebDAV (Web Distributed Authoring and Versioning) folders, in which case the file itself is transferred in its encrypted form, or when IPsec or an SSH tunnel is deployed, in which case the network channel is encrypted instead (provided both ends support it). The "if possible" is taken from the official Windows XP documentation and reflects the multitude of source and target combinations that determine whether the file ends up encrypted or decrypted at the target. Due to the mixed Windows server environment on campus, remote transfer of encrypted files is to be avoided.
Encryption Mechanism
When a user encrypts a file, it is encrypted with a symmetric file encryption key (FEK) that is unique to that file. This key is the only key used to encrypt and decrypt the file's contents. The FEK is itself encrypted with the user's public key and stored in a field called the data decryption field (DDF), which is attached to the encrypted file. The public key is half of a public/private key pair generated the first time the user encrypts a file: the public key encrypts the FEK, the private key decrypts it, and the recovered FEK is then used to decrypt the file. Each additional user given access to the file gets their own DDF entry holding the same FEK encrypted with that user's public key, so every authorised user unwraps the FEK with their own private key. The private key is the most important piece and must be safeguarded, since it is what decrypts the FEK. The key pair and its corresponding certificate are assigned to each user account the first time the user encrypts a file and are stored on the local computer, as described in the next two sections. Every encrypted file has a unique FEK, but each user has only one public/private key pair.
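The key hierarchy just described, as a toy model written for this page (it is not code from the page or from Microsoft, and it does not reproduce the real on-disk EFS formats). One random FEK per file encrypts the content; each user holds one RSA key pair; the DDF carries the same FEK wrapped once per authorised user. AES-256 for the file and RSA-OAEP for the FEK are assumptions of the model, as are the user and function names.

```powershell
# Toy model of the EFS key hierarchy (added illustration, not EFS itself).
# Assumptions: AES-256-CBC for the file contents, RSA-OAEP to wrap the FEK.

function New-EfsUser {
    param([string]$Name)
    # One key pair per user, created the first time the user encrypts
    [pscustomobject]@{
        Name = $Name
        Rsa  = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048
    }
}

function Protect-EfsFile {
    param([byte[]]$Plaintext, [object[]]$Users)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.KeySize = 256
    $aes.GenerateKey()                      # the FEK: unique to this file
    $aes.GenerateIV()
    $encryptor  = $aes.CreateEncryptor()
    $ciphertext = $encryptor.TransformFinalBlock($Plaintext, 0, $Plaintext.Length)
    # DDF: one entry per user, each holding the same FEK wrapped under that user's public key
    $ddf = @{}
    foreach ($u in $Users) { $ddf[$u.Name] = $u.Rsa.Encrypt($aes.Key, $true) }   # $true = OAEP padding
    $file = [pscustomobject]@{ Ciphertext = $ciphertext; IV = $aes.IV; Ddf = $ddf }
    $aes.Dispose()                          # the plaintext FEK is discarded; only wrapped copies remain
    return $file
}

function Unprotect-EfsFile {
    param($File, $User)
    if (-not $File.Ddf.ContainsKey($User.Name)) { throw "$($User.Name) has no DDF entry for this file" }
    # Only the matching private key unwraps the FEK; a wrong key throws a CryptographicException
    $fek = $User.Rsa.Decrypt($File.Ddf[$User.Name], $true)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $fek
    $aes.IV  = $File.IV
    $decryptor = $aes.CreateDecryptor()
    $plain = $decryptor.TransformFinalBlock($File.Ciphertext, 0, $File.Ciphertext.Length)
    $aes.Dispose()
    return $plain
}

function Grant-EfsAccess {
    # Model of the EFS file sharing dialog: a user who can already unwrap the FEK
    # re-wraps it under another user's public key and adds that DDF entry.
    param($File, $Grantor, $Grantee)
    $fek = $Grantor.Rsa.Decrypt($File.Ddf[$Grantor.Name], $true)
    $File.Ddf[$Grantee.Name] = $Grantee.Rsa.Encrypt($fek, $true)
}

$john = New-EfsUser 'John'
$mary = New-EfsUser 'Mary'
$doc  = Protect-EfsFile ([Text.Encoding]::UTF8.GetBytes('quarterly numbers')) @($john)

[Text.Encoding]::UTF8.GetString((Unprotect-EfsFile $doc $john))          # John reads the file
try { Unprotect-EfsFile $doc $mary } catch { "Mary: $($_.Exception.Message)" }   # no DDF entry yet

Grant-EfsAccess $doc $john $mary                                         # John shares it with Mary
[Text.Encoding]::UTF8.GetString((Unprotect-EfsFile $doc $mary))          # now Mary reads it too
```

Two points the model makes concrete: the file is never re-encrypted when a user is added (only a new wrapped copy of the FEK is appended), and losing Mary's private key invalidates only Mary's DDF entry, which is exactly why the page recommends file sharing or a recovery agent as a fallback.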
Certificate and Public Key Storage (Reference)
Windows XP Professional stores a user's public key certificates in the user's personal certificate store. Certificates are stored in plaintext because they are public information; they are digitally signed by the issuing certification authority to protect against tampering.
User certificates are located in the RootDirectory\Documents and Settings\username\Application Data\Microsoft\SystemCertificates\My\Certificates folder of each user profile. These certificates are written to the user's personal store in the system registry each time the user logs on to the computer. For roaming profiles, users' certificates are located on the domain controller and follow users when they log on to different computers in the domain.
Private Key Storage (Reference)
Private keys for the Microsoft RSA-based cryptographic service providers (CSPs), including the Base CSP and the Enhanced CSP, are located in the user profile under RootDirectory\Documents and Settings\username\Application Data\Microsoft\Crypto\RSA. For a roaming user profile, the private keys reside in the RSA folder on the domain controller and are downloaded to the user's computer, where they remain until the user logs off or the computer is restarted.
Because private keys must be protected, all files in the RSA folder are automatically encrypted using a random symmetric key called the user's master key. The master key is 64 bytes long and is generated by a strong random number generator. 3DES keys derived from the master key are used to protect the private keys. The master key is generated automatically and periodically renewed, and each file in the RSA folder is encrypted under it as the file is created.
Data Recovery
When you encrypt a file, there is a risk that it can never be read again. The owner of the private key required to decrypt the file may leave the organization without decrypting the files. In other cases the user's profile may become corrupted or deleted, in which case the private key is no longer available to decrypt the FEK and hence the user's files. Backing up the user's certificate and keys, EFS file sharing, and data recovery agents (DRAs) are the available methods for recovering (decrypting) data. A DRA is a designated existing user account issued with its own recovery key pair; every file encrypted on the computer gets an additional copy of its FEK wrapped under the DRA's public key, so the DRA can recover any user's encrypted file. In Windows 2000, a DRA is mandatory for EFS to function and by default is the domain Administrator account in a Windows 2000 domain. Windows XP eliminates this requirement and no longer creates a default DRA on newly installed machines in a workgroup (standalone), which removes the earlier offline attacks against the built-in Administrator account's recovery key. An optional DRA must be created manually and installed. This document covers the steps to back up one's own certificate and keys in the section Backing Up Your EFS Certificate and Keys. The backup is to be stored in a safe, locked location.
How to Encrypt a File
- From Windows Explorer or My Computer, navigate and select the folder you want encrypted. In this example, a folder "Encrypted Folder" will be encrypted so that any file placed inside this folder will be encrypted.

- Right click the folder and choose properties and then click the Advanced... button.

- Check the Encrypt contents to secure data attribute. Note that a folder may be compressed or encrypted, but not both. Click OK, then OK again when done.

If there are already files or subfolders inside this folder, an additional pop-up dialog will appear; otherwise you are done (go to the last step). This additional dialog (Figure 4) presents two options:
- Apply changes to this folder, subfolders and files - Choose this to encrypt the folder so that everything inside this folder is encrypted, and this includes files and folders that are later moved to or created inside this folder.
- Apply changes to this folder only - Choose this to encrypt only the folder so that all files/folders subsequently moved or created in this folder will be encrypted. Existing files and folders are not encrypted.

- Notice that the folder name turns green once the encrypt attribute is set. New files and folders placed inside will also have green names (encrypted). When you copy or move a file out of an encrypted folder, a green file or folder name means the encryption has been preserved; a black name means the file has been decrypted.
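The same procedure from the command line, as an added example that is not part of the original page: cipher.exe (shipped with Windows 2000/XP and later) sets the folder attribute, and a small function performs the "is the name still green" check programmatically by reading the Encrypted file attribute. It also reproduces the copy-versus-move caveat from the File Operations section above. The folder under $env:TEMP is an assumption; the volume must be NTFS and EFS must not be disabled by policy.

```powershell
# Added example: encrypt a folder with cipher.exe and verify the Encrypted attribute.
# Assumes $env:TEMP is on an NTFS volume with EFS enabled (not the page's own code).

function Test-EfsEncrypted {
    param([string]$Path)
    # FileAttributes.Encrypted (0x4000) is the attribute Explorer shows as a green name
    $attr = (Get-Item -LiteralPath $Path -Force).Attributes
    return $attr.HasFlag([IO.FileAttributes]::Encrypted)
}

$root  = Join-Path $env:TEMP 'efs-demo'
$enc   = Join-Path $root 'Encrypted Folder'
$plain = Join-Path $root 'Plain'
New-Item -ItemType Directory -Force -Path $enc, $plain | Out-Null

# Equivalent of ticking "Encrypt contents to secure data" on the folder
cipher.exe /E "$enc" | Out-Null
if (-not (Test-EfsEncrypted $enc)) { throw 'Folder was not encrypted: is this an NTFS volume with EFS allowed?' }

# A file created inside the folder inherits the attribute
Set-Content -LiteralPath (Join-Path $enc 'created.txt') -Value 'sensitive'

# A plaintext file copied in is written anew inside the encrypted folder, so it is encrypted
Set-Content -LiteralPath (Join-Path $plain 'copied.txt') -Value 'sensitive'
Copy-Item -LiteralPath (Join-Path $plain 'copied.txt') -Destination $enc

# A plaintext file moved in on the same volume is only renamed, so it stays plaintext
Set-Content -LiteralPath (Join-Path $plain 'moved.txt') -Value 'sensitive'
Move-Item -LiteralPath (Join-Path $plain 'moved.txt') -Destination $enc

foreach ($name in 'created.txt', 'copied.txt', 'moved.txt') {
    '{0,-12} encrypted: {1}' -f $name, (Test-EfsEncrypted (Join-Path $enc $name))
}

# cipher.exe with no switches lists each file's state: E = encrypted, U = unencrypted
cipher.exe "$enc\*"

# Encryption does not prevent deletion (as the page notes): the tree can be removed as-is
Remove-Item -LiteralPath $root -Recurse -Force
```

Expect created.txt and copied.txt to report True and moved.txt to report False, which is the same-volume move caveat; running `cipher.exe /E /A` on moved.txt afterwards would encrypt it in place.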

EFS File Sharing - Sharing Your Encrypted Files
You may share an encrypted file with additional users after you have encrypted it. This can only be done on a per-file basis. EFS file sharing gives the users you designate the ability to decrypt and encrypt your encrypted file. These users may also move, copy, or delete the file if they have the corresponding NTFS permissions.
Once a file has been encrypted, file sharing is enabled through a new button: after right-clicking the file, selecting Properties and then Advanced..., a user may be added by clicking the Details... button.

You will be presented with a window showing who has EFS access to this file.

Click the Add... button to add more users.
You may add other users (not groups) from the local machine or from Active Directory, provided the user has a valid EFS certificate. Users without a valid EFS certificate are not shown. A valid EFS certificate is created automatically the first time a user encrypts a file, so a user who is missing one can simply encrypt any file to obtain it. Select the user you want to add. If the user is in Active Directory, you can locate them via the Find User... button. Click OK to return and confirm that the user has been added to the EFS file share list. Click OK again (three times in total) and you are done.

Backing Up Your EFS Certificate and Keys
It is important to back up your EFS certificate and keys in case your user profile becomes corrupted or deleted, in which event you will no longer have the private key needed to decrypt your files. If you did not back up your keys but have given other users EFS file share access to your encrypted files, those users can recover your data. You should back up your certificate and keys to external storage media (a floppy or USB drive) and keep it locked away.
To export your EFS keys and certificate from your computer for backup purposes, do the following:
- Launch Microsoft Internet Explorer web browser.
- From the Tools menu, click Internet Options.
- On the Content tab, in the Certificates section, click Certificates.
- Click the Personal tab.
- Notice there may be several certificates present, depending on whether you have installed these certificates for other purposes.

- Select one certificate at a time until the Certificate intended purposes field shows Encrypting File System (red highlighted area in the image). This is the certificate that was generated when you encrypted your first file or folder.
- Choose the Export button to start the Certificate Export Wizard, and click Next.
- Choose Yes to export the private key, and then click Next.
- Choose Enable strong protection, and then click Next.
- You will be prompted to type a password to protect your private key. Do not forget this password. Reconfirm the password and click Next.
- Specify where you want to save the certificate and key into a single file with a .pfx extension. You can specify this path to a storage media such as a floppy disk or USB mini drive and click Next.
- Choose Finish and you are done. Move the media to safe storage.
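The command-line counterpart of the export wizard above, as an added example that is not part of the original page. It finds the personal certificate(s) whose Enhanced Key Usage is Encrypting File System (OID 1.3.6.1.4.1.311.10.3.4), exports certificate plus private key to a password-protected .pfx, and reads the file back to confirm that the private key survived the export, which is the one property that matters for recovery. The output folder E:\efs-backup stands for the removable drive the page recommends and is an assumption, as are the function names.

```powershell
# Added example: export the EFS certificate and private key to a .pfx.
# Assumptions: PowerShell with the Cert: drive (Windows), output folder E:\efs-backup.

$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage: Encrypting File System

function Get-EfsCertificate {
    # Cert:\CurrentUser\My is the user's personal store that the IE dialog shows as "Personal"
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $eku = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsEkuOid })
    }
}

function Export-EfsBackup {
    param([string]$OutDir, [securestring]$Password)
    $certs = @(Get-EfsCertificate)
    if ($certs.Count -eq 0) {
        throw 'No EFS certificate in CurrentUser\My: encrypt at least one file first so one is created.'
    }
    New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
    foreach ($c in $certs) {
        if (-not $c.HasPrivateKey) { throw "Certificate $($c.Thumbprint) has no private key in this profile" }
        $path = Join-Path $OutDir "efs-$($c.Thumbprint).pfx"
        # Pfx content type bundles certificate and private key; the password encrypts the bundle
        $bytes = $c.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $Password)
        [IO.File]::WriteAllBytes($path, $bytes)
        # Read it back: a backup without the private key is useless for recovery
        $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($path, $Password)
        if (-not $check.HasPrivateKey) { throw "Export to $path lost the private key" }
        "exported {0} (valid from {1}) -> {2}" -f $c.Subject, $c.NotBefore.ToShortDateString(), $path
    }
}

$pw = Read-Host -AsSecureString 'Password to protect the .pfx (do not forget it)'
Export-EfsBackup -OutDir 'E:\efs-backup' -Password $pw
```

If more than one certificate is returned, you have encrypted files under more than one key (for example after a profile was rebuilt); back them all up, since each one decrypts a different set of files.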
Works Cited
This document is derived from the following two sources, which can also serve as further reference.
- Microsoft, "Using Encrypting File System", Windows XP Professional Resource Kit, November 3, 2005. http://technet.microsoft.com/en-us/library/bb457116.aspx
- UC Irvine Network & Academic Computing Services, "File Encryption Using Windows 2000/XP EFS", NACS Data Protection Suggestions, March 30, 2005. http://www.nacs.uci.edu/security/New_Pages/EFSforWindows.html

