Encryption using Windows 11 - details?

Anonymous
2023-06-06T18:24:38+00:00

I have been using a 3rd party app to encrypt my sensitive files etc. But that is being discontinued. So now I am using Windows 11 I can use that. Searched about it and most say: RH click on File, Properties, Advanced etc... Encrypt. They don't say much more. So when I used it I had to use a Password - fair enough. But it also mentioned a code/number associated with it. Said save it. But this has not been clearly explained. There was a number I think on one of the windows - was that it? Is this like a BitLocker recovery key? All I want is a bit more detail. Even the MS Tech Note seems thin to me. Any help? A full explanation of any 'keys' or where things are stored etc... And saving anything for recovery apart from remembering the Password!! But when I went to open the file having used it - it didn't ask me for the password. Think there is a bit more behind the scenes.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


3 answers

  1. Igor Leyko 108.5K Reputation points Independent Advisor
    2023-06-06T19:40:03+00:00

    Hi,

    My name is Igor, it's a pleasure for me to help others and I'll do my best to help you.

    EFS encryption does not use a key for encrypting or decrypting. It uses an encryption certificate instead. This certificate is linked to the user account and stored in the registry. It may be exported to transfer access rights to another account.

    EFS generates a random encryption key (FEK) for the file and uses FEK and the Data Encryption Standard X (DESX) algorithm to encrypt the data. DESX is a symmetric algorithm, so FEK is also used in the recovery process, and EFS should protect it from unauthorized access. To protect the FEK, EFS encrypts it with the user's public key using an asymmetric RSA algorithm and stores the encrypted FEK in a file. When a user opens and reads an encrypted file, EFS decrypts the FEK using the user's public key, and then decrypts the file data using the recovered FEK.

    In a nutshell - each file is encrypted with its own key, and this key is stored together with the file.

    Some information is available in Russian but not in English: https://learn.microsoft.com/ru-ru/security-upda...

  2. Anonymous
    2023-06-07T09:00:33+00:00

    That's excellent. OK so: Suppose I transfer the file to another machine. How can I read it? I will need the local FEK key that is stored in my normal computer in the registry - that's what I think you said. How can one export the key so that on another computer. There must be a way to export/save the key.

    I have saved my BitLocker key code.

    The reason I can open the file on my PC which encrypted it is because I have the keys stored. So if I now put the file on my laptop which I take with me I will need that key. That is my Windows 11 laptop. I also have a Linux Mint laptop. I might need to think/find a way to encrypt those files.

    But thanks for such an excellent and helpful answer.

  3. Igor Leyko 108.5K Reputation points Independent Advisor
    2023-06-07T17:13:11+00:00

    You may use the cipher /r command to export the certificate and then import it on another PC. https://learn.microsoft.com/en-us/windows-serve...

    As for multisystem encryption, you may look at TrueCrypt, VeraCrypt, or similar tools.

    1 person found this answer helpful.
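
A backup and restore of the EFS certificate this thread discusses, added here as an example (it is not code from either poster or from Microsoft). It uses the certificate-store cmdlets rather than the `cipher /r` command mentioned in the answer; the function names and all paths are hypothetical placeholders.

```powershell
# Added example. Function names and all paths are hypothetical placeholders.
$EfsEkuOid = '1.3.6.1.4.1.311.10.3.4'   # "Encrypting File System" enhanced key usage

function Get-EfsCertificate {
    # EFS certificates sit in the current user's Personal store; only those
    # with a private key on this machine can unwrap the per-file key (FEK).
    Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsEkuOid)
    }
}

function Backup-EfsCertificate {
    param(
        [Parameter(Mandatory)] [string] $BackupDir,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $certs = @(Get-EfsCertificate)
    if ($certs.Count -eq 0) {
        throw 'No EFS certificate with a private key found for this user.'
    }
    foreach ($cert in $certs) {
        $target = Join-Path $BackupDir ('efs-{0}.pfx' -f $cert.Thumbprint)
        # The PFX contains the private key, protected only by $Password.
        Export-PfxCertificate -Cert $cert -FilePath $target -Password $Password
    }
}

function Restore-EfsCertificate {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password
    )
    # Run as the user who needs to open the files on the second Windows PC.
    Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation Cert:\CurrentUser\My -Password $Password
}

# --- usage (placeholder paths) ---
# $pw = Read-Host -AsSecureString 'PFX password'
# Backup-EfsCertificate -BackupDir 'E:\efs-backup' -Password $pw
# cipher /c 'C:\Users\me\Documents\secret.txt'   # shows the certificate thumbprint(s) able to decrypt the file
# Restore-EfsCertificate -PfxPath 'E:\efs-backup\efs-<THUMBPRINT>.pfx' -Password $pw
```

Keep the PFX and its password away from the PC that holds the encrypted files; anyone who has both can decrypt them.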