In the previous installment of this article, I outlined how to encrypt a file through My Computer. An alternative method for encrypting files is the use the Cipher.exe command line utility. It can be used to encrypt, decrypt, and view the status of folders and files. The various switches that can be used with the command are outlined below.
- The /E switch is used with the Cipher command to set encryption.
- The /D switch is used to disable (or remove encryption) of a folder.
- The /A switch must be used to encrypt specific files. By default, cipher works only on folders.
You do more than just encrypt folders and files with the cipher.exe command. By adding the /K switch, you can generate a new file encryption key for the current user. The cipher.exe command can also be used to remove the data from any unused portions of the disk. By using the /W: switch with the command, all data from unused portions of the volume on which resides will be removed. This is important because an seasoned attacker could attempt to recover data on unused areas of the disk that has been moved or deleted (and therefore removed from the file index). By running the cipher /W command this type of attack will be impossible.
[tags]efs,microsoft certification,exam,encrypting file system,encryption[/tags]