Windows XP Hacks [Electronic resources] (text version)


Preston Gralla











Hack 26 Hiding Folders and Files with the Encrypting File System


Protect all the information on your PC from
prying eyes, using XP Professional's built-in
encryption scheme.

If you have Windows XP Pro, you can use the Encrypting File System (EFS) to
encrypt your files so that no one else can read them.


Home Edition users won't be pleased to know that EFS
isn't available in Windows XP Home Edition.

EFS lets you encrypt only the files and folders of your choice; you
can encrypt a single file or folder, or all of your files and
folders. Encrypted files and folders show up in Windows Explorer as
green, so you can tell at a glance which have been encrypted. You can
work with encrypted files and folders transparently. In other words,
after you encrypt them, you open them and close them as you normally
would any other file. They're decrypted on the fly
as you open them, and then encrypted again as you close them.
You're the only person who can read or use the
files. Encryption is tied to your account name, so even other
accounts on the same computer won't be able to read
or use them, unless you specifically grant access to certain
accounts.


Each time you encrypt a file, EFS generates a random number for that
file, called the file encryption key (FEK). EFS uses that
FEK to encrypt the file's contents with a variant of
the Data Encryption Standard (DES) algorithm, called DESX. (DESX
features more powerful encryption than DES.) The FEK itself is
encrypted as well, using RSA public key-based encryption.

EFS does have a few minor limitations you should be aware of:

EFS works only on NTFS volumes. If you have a FAT or FAT32 volume,
you'll have to convert it to NTFS if you want to use
EFS [Hack #31].

EFS won't work on compressed files [Hack #31]. You'll have to
decompress them if you want to encrypt them. Similarly, if you want
to compress an encrypted file, you'll have to
decrypt it.

EFS can't encrypt files in the
C:\Windows folder or any files marked with the
System attribute.


When you work with encrypted files and folders, they seem to behave
like any other files on your hard disk. In fact, though, their
behavior is somewhat different, and you may notice files you thought
were encrypted suddenly become decrypted for no apparent reason. So,
before you turn on encryption, you should understand the common
actions you can take with encrypted files and folders, and what the
results will be. Table 3-5 lists what you need to know.

Table 3-5. How encrypted files and folders behave

| Action | Result |
|---|---|
| Move or copy unencrypted files into an encrypted folder. | The files are automatically encrypted. |
| Move or copy encrypted files from an encrypted folder to an unencrypted folder. | The files remain encrypted. |
| Move or copy encrypted files from an encrypted folder to a non-NTFS volume. | The files are decrypted, though you are first given a warning and a chance to cancel the move or copy operation. |
| Back up files using XP's backup utility. | The backed-up files and folders remain encrypted. |
| Rename an encrypted file. | The file remains encrypted after it is renamed. |
| Delete an encrypted file. | The restorable file in the Recycle Bin remains encrypted. |


3.7.1 Encrypting Files and Folders


To encrypt a file or folder,
right-click on the folder or file and choose Properties → General → Advanced.
The Advanced Attributes dialog box
appears, as shown in Figure 3-12.


If no Advanced button appears on the Properties dialog box, it means
that you aren't using NTFS, so you
can't use encryption.


Figure 3-12. Encrypting files or folders using the Advanced Attributes dialog box


Check the box next to "Encrypt contents to secure
data." Note that you can't check
both this box and the "Compress contents to save
disk space" box. You can either compress the item or
encrypt it, but not both.

Click OK and then OK again. If you're encrypting a
folder, the Confirm Attributes Changes dialog box appears, as shown
in Figure 3-13. You have a choice of encrypting the
folder only, or encrypting the folder plus all subfolders and all the
files in the folder and subfolders. If you encrypt the folder only,
none of the files currently in the folder will be encrypted, but any
new files you create, move, or copy into the folder will be
encrypted.


Figure 3-13. Encrypting the folder only, or all the subfolders and files as well


If you're encrypting a file in an unencrypted
folder, the Encryption Warning box will appear, as shown in Figure 3-14. You have the choice of encrypting the file
only, or the file and the parent folder. As a general rule, you
should encrypt the folder as well as the file, because if you encrypt
only the file, you may accidentally decrypt it without realizing it.
Some applications save copies of your files and delete the original;
in those instances, the files become decrypted simply by editing
them. If you encrypt the folder as well, all files added to the
folder are encrypted, so the saved file is automatically encrypted.
Click OK after you make your choice.


Figure 3-14. Encrypting the parent folder as well as the file


Note that you won't be able to encrypt every file on
your system. Files that have the System attribute,
as well as files located in C:\Windows and its
subfolders, can't be encrypted.


3.7.2 Decrypting Files and Folders




You decrypt files and folders in the
same way that you encrypted them. Right-click on the file or folder,
choose Properties → Advanced, clear the check from the box
next to "Encrypt contents to secure
data," and click OK and then OK again.


3.7.3 Letting Others Use Your Encrypted Files



When you encrypt files, you can still share them with others and let them use
them as if they were not encrypted (what XP calls
"transparently").
You'll be able to share them this way only with
other users on the same computer or with others on your network. You
designate who can use the files and who can't. To
allow specified people to use your encrypted files, right-click on an
unencrypted file and choose Properties → General → Advanced.
The Advanced Attributes dialog box appears. Click Details.
The Encryption Details dialog box appears, as shown in Figure 3-15. It lists all the users who are allowed to use
the file transparently. Click Add.


Figure 3-15. The Encryption Details dialog box


The Select User dialog box appears. Choose the user you want to be
able to use your encrypted files, and click OK. Only users who have
Encrypting File System certificates on the computer will show up on
this list. The easiest way for someone to create a certificate is to
encrypt any file; that automatically creates a certificate.


3.7.4 Encrypting and Decrypting from the Command Line



If you prefer the command line to a graphical interface, you
can encrypt and decrypt using the cipher.exe
command-line tool. To find out the current state of encryption of the
directory you're in, type cipher
without parameters at a command prompt. cipher
tells you the state of the directory. For individual files, it lists
a U next to files that are not encrypted, and an
E next to those that are encrypted.
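
The U/E listing described above can be checked by script to find files left unencrypted inside a folder that is itself marked for encryption (the "folder only" case from the Confirm Attributes Changes dialog). This is an added example, not code from the book; the sample output is constructed, and the "Listing" and "New files added to this directory" header lines are an assumed layout for cipher's report.

```python
import re

# Constructed sample of `cipher` output for two folders (not captured from a
# real system). Assumed layout: a "Listing <dir>" header, a line saying whether
# new files will be encrypted, then one "E name" or "U name" line per file.
SAMPLE = """\
 Listing C:\\Secret\\
 New files added to this directory will be encrypted.

E budget.doc
U budget.bak

 Listing C:\\Scratch\\
 New files added to this directory will not be encrypted.

U notes.txt
"""

ENTRY = re.compile(r"^([EU])\s+(.+)$")  # state letter, then the file name

def parse_cipher_listing(text):
    """Return {directory: {"encrypts_new": bool or None, "files": {name: "E"/"U"}}}."""
    dirs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Listing "):
            current = line[len("Listing "):]
            dirs[current] = {"encrypts_new": None, "files": {}}
        elif current is None or not line:
            continue  # skip blank lines and anything before the first header
        elif line.startswith("New files added"):
            dirs[current]["encrypts_new"] = "will not be" not in line
        else:
            m = ENTRY.match(line)
            if m:
                dirs[current]["files"][m.group(2)] = m.group(1)
    return dirs

def plaintext_in_encrypted_dirs(text):
    """Files marked U inside folders whose new files are encrypted."""
    return sorted(
        d + name
        for d, info in parse_cipher_listing(text).items()
        if info["encrypts_new"]
        for name, state in info["files"].items()
        if state == "U"
    )

if __name__ == "__main__":
    print(plaintext_in_encrypted_dirs(SAMPLE))
```
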

When used with parameters, cipher can encrypt and
decrypt files and folders, show encryption information, create new
encryption keys, and generate a recovery agent key and certificate.

To encrypt or decrypt a folder or file, use the complete path,
filename (if you're acting on a file), and any
appropriate switches, as outlined in Table 3-6.
The /E switch encrypts folders or files, and the
/D switch decrypts them. To perform the task on
multiple folders or files, separate them with single spaces. For
example, to encrypt the \Secret and
\Topsecret folders, issue this command:

cipher /E \Secret \Topsecret

Note that you can use wildcards with the
cipher command. Using the
command line instead of the graphical interface is particularly
useful for performing bulk or batch operations, for example,
simultaneously encrypting or decrypting multiple folders or files, or
types of files within folders. Let's say, for
example, you want to encrypt every .doc file in
the \Secret and \Topsecret
folders, but not touch any other files in those folders. You issue
this command:

cipher /E /A \Secret\*.DOC \Topsecret\*.DOC

Table 3-6 lists the most useful command-line
switches for cipher. For more help, type
cipher /? at the command
line.

Table 3-6. Command-line switches for cipher

| Switch | What it does |
|---|---|
| /A | Acts on individual files within folders. |
| /D | Decrypts the specified folder. |
| /E | Encrypts the specified folder. |
| /F | Forces encryption on all specified objects, including those that have already been encrypted. |
| /H | Displays all files in a folder, including those that have hidden or system attributes. By default, hidden or system attributes are not displayed when using the cipher command. |
| /I | Continues to perform the specified operation, even if errors are encountered. By default, cipher halts when errors are encountered. |
| /K | Creates a new file encryption key for the user running cipher. If this option is chosen, all the other options will be ignored. |
| /R | Generates an EFS recovery agent key and certificate, then writes them to a .pfx file (containing the certificate and a private key) and a .cer file (containing only the certificate). |
| /S | Performs the operation on the folder and all its subfolders. |
| /U | Updates the user's file encryption key or recovery agent's key on every encrypted file. |
| /U /N | Lists every encrypted file and does not update the user's file encryption key or recovery agent's key. |
| /Q | Lists only basic information about the file or folder. |
| /W | Wipes data from available, unused disk space on the drive. Normally, when a file is deleted in XP, only the entry in the filesystem table is deleted; the data itself remains untouched until another file overwrites it. This switch deletes all the data in those previously deleted files. It does not harm existing data. |

