Encrypting File System (EFS)

The key used for this symmetric encryption is called the File Encryption Key (FEK). The FEK is in turn encrypted with a public/private-key algorithm such as RSA and stored with the file. The main advantage of combining two different algorithms is speed: the faster file encryption lets users efficiently encrypt large amounts of data. Symmetric algorithms are about 1000x faster than traditional asymmetric encryption techniques.

The process of EFS Encryption

The process is fairly simple yet secure.

Encryption

The first step involves the file itself: it is encrypted with the symmetric key (the FEK). That is only one half of the process. The FEK is then encrypted with the user's public key, and the encrypted FEK is stored in the encrypted file's header. As simple as that.

Decryption

Here, as the name suggests, encryption is reversed. First, the encrypted FEK is fetched from the encrypted file's header and decrypted using the public key. The decrypted FEK is then used to decrypt the file, which finally becomes readable to the authorized user.
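The two steps above, worked through as an added example that is not part of the original article and not Windows' own EFS code: a fresh FEK encrypts the file body, the user's RSA public key wraps the FEK, and the wrapped FEK is stored in a header in front of the ciphertext; on the way back, the private half of that same key pair unwraps the FEK. The container layout, key sizes and function names are assumptions made for this example, not the EFS on-disk format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Container layout, constructed for this example (not the real EFS on-disk format):
// [2-byte length][FEK wrapped with RSA-OAEP][12-byte GCM nonce][AES-GCM ciphertext]

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

// NewUserKey generates a user's RSA key pair (stands in for the EFS user certificate key).
func NewUserKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// EncryptFile: a fresh symmetric FEK encrypts the data; the user's public
// key encrypts the FEK, and that wrapped FEK is stored in the header.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) []byte {
	fek := make([]byte, 32) // AES-256 FEK, one per file
	must(rand.Read(fek))
	gcm := must(cipher.NewGCM(must(aes.NewCipher(fek))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil))
	hdr := make([]byte, 2)
	binary.BigEndian.PutUint16(hdr, uint16(len(wrapped)))
	hdr = append(append(hdr, wrapped...), nonce...)
	return gcm.Seal(hdr, nonce, plaintext, nil)
}

// DecryptFile: the matching private key unwraps the FEK from the header; the
// FEK then decrypts the body. Another user's key cannot recover the FEK.
func DecryptFile(priv *rsa.PrivateKey, container []byte) ([]byte, error) {
	if len(container) < 2 {
		return nil, errors.New("truncated header")
	}
	n := 2 + int(binary.BigEndian.Uint16(container))
	if len(container) < n+12 {
		return nil, errors.New("truncated container")
	}
	fek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, container[2:n], nil)
	if err != nil || len(fek) != 32 {
		return nil, errors.New("cannot unwrap FEK with this key")
	}
	gcm := must(cipher.NewGCM(must(aes.NewCipher(fek))))
	nonce, body := container[n:n+12], container[n+12:]
	return gcm.Open(nil, nonce, body, nil) // tampering fails authentication
}
```

Because the body is authenticated (AES-GCM), a modified or truncated container is rejected rather than silently decrypted to garbage.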

EFS vs. BitLocker encryption

BitLocker is another technique of encrypting files on Windows just like EFS. This means that Windows provides two methods of encrypting files just on Windows. A user can also encrypt a file twice by encrypting it first with EFS and then with BitLocker or vice versa. This feature makes it 2x more secure than usual. BitLocker has an image of slowing down the computer when used to encrypt files, but EFS is considered to be far more light-weight. But this difference is not seen much on modern hardware that is available and used more often. Summing up EFS encryption encrypts files or folders one by one. Unlike BitLocker that encrypts them together. This also means that when a file is executed, and Windows creates a temporary cache of that file, that temporary cache can be used as a leak to the information and unauthorized access can be taken over by an unintended user. EFS works with NTFS only. This does not mean that a user should not be using EFS but what this really means is that the user has a choice of encrypting files with a suitable algorithm depending upon what type of data that file stores within it. We will in the next few days, cover the following topics: Stay tuned!