Changes in EFS

Applies To: Windows 7, Windows Server 2008 R2

Encrypting File System (EFS) is a core file encryption technology used to store encrypted files on NTFS file system volumes. Encrypted files cannot be used unless the user has access to the keys required to decrypt the information. EFS supports industry-standard encryption algorithms including Advanced Encryption Standard (AES), Secure Hash Algorithm (SHA), elliptic curve cryptography (ECC), smart card–based encryption, and other features. As encryption standards continue to progress and old algorithms become less secure, new encryption algorithms must be incorporated to help users protect their data.

EFS support of ECC

In Windows 7, the architecture of EFS has changed to incorporate ECC. This enables EFS to be compliant with Suite B encryption requirements as defined by the National Security Agency to meet the needs of United States government agencies for protecting classified information. Suite B compliance requires the use of AES, SHA, and ECC cryptographic algorithms for data protection. Suite B does not allow RSA cryptography.

EFS in Windows 7 supports a "mixed-mode" operation of ECC and RSA algorithms. This provides backward compatibility with EFS files that were created by using algorithms supported in previous versions of Windows. This might be useful in organizations that use RSA and also want to use the ECC algorithm to prepare for Suite B compliance.

Use of self-signed certificates

The default setting for EFS public key policies allows EFS to generate self-signed certificates when a certification authority (CA) is not available. Some organizations do not allow self-signed certificates to be used because of concerns about information security risks. If you disable this setting, users must be granted a certificate from a trusted CA before they can use EFS.

If you allow the use of self-signed certificates, you can specify the encryption key length used when encrypting files and folders. By default, EFS uses the 2,048-bit key size for self-signed RSA certificates and the 256-bit key for ECC certificates. The following RSA and ECC keys are available:

  • 1,024-bit RSA

  • 2,048-bit RSA

  • 4,096-bit RSA

  • 8,192-bit RSA

  • 16,384-bit RSA

  • 256-bit ECC

  • 384-bit ECC

  • 521-bit ECC

Group Policy changes for EFS

The steps to enable EFS have not changed as a result of supporting ECC; however, additional administrative options related to ECC have been added. Specifically, Group Policy settings can be used by administrators to deny the creation of EFS files by using algorithms that are not Suite B–compliant. The policy setting for EFS is located in the Local Group Policy Editor under Local Computer Policy\Windows Settings\Security Settings\Public Key Policies\Encrypting File System.

After the EFS policy settings are enabled and configured, you use Group Policy settings to specify how ECC is supported. Under Public Key Policies, open the Encrypting File System properties. Then, on the General tab under Elliptic Curve Cryptography, select the appropriate option: either Allow to enable the use of both ECC algorithms and RSA algorithms, Require to permit only ECC encryption algorithms be used, or Don't allow to use only RSA encryption.


These policy settings apply only when a file or folder is initially encrypted. If a file or folder was encrypted before this setting was configured, the user will still have access to the content and it will still be encrypted by using the algorithm that was enforced at that time.
Selecting Require does not enforce the use of AES for the file encryption key; it only enforces the use of an ECC algorithm. Some ECC algorithms are Suite B–compliant and some are not.

Changes to the Cipher.exe command-line tool

The /K and /R options to Cipher.exe include an optional /ECC:length parameter, which allows ECC keys to be generated. The key length for ECC keys can be specified as either 256, 384, or 521. This parameter is ignored unless a self-signed certificate is being generated.