Encrypt or Decrypt files and folders.
Without parameters cipher will display the encryption state of the current folder and files.
NTFS volumes only.
Syntax:
Encrypt/Decrypt:
CIPHER [{/e | /d}] [/s:Folder] [options] [/u[/n]] [{PathName [...]]
New recovery agent certificate:
CIPHER /r:PathNameWithoutExtension
Remove data:
CIPHER /w:PathName
Backup Keys:
CIPHER /x[:PathName]
options:
/e Encrypt the folders.
Folders are marked so that files that are added to the folder later
are encrypted too.
/d Decrypt the folders.
Folders are marked so that files that are added to the folder later
are encrypted too.
/s:Folder
Performs the operation in the folder and all subfolders.
/a Perform the operation for files and directories.
/i Continue even after errors occur.
By default, cipher stops when it encounters an error.
/f Force the encryption or decryption of all specified objects.
By default, cipher skips files that have been encrypted or decrypted already.
/q Quiet - Report only essential information.
/h Display files with hidden or system attributes.
By default, these files are not encrypted or decrypted.
/k Create a new file encryption key for the user running cipher.
/u Update the user's file encryption key or recovery agent's key
to the current ones in all of the encrypted files on local drives
(that is, if the keys have been changed).
This option only works with /n.
/n Prevent keys from being updated.
Use this option to find all of the encrypted files on the local drives.
This option only works with /u.
PathName
A pattern, file, or folder.
/r:PathNameWithoutExtension
Generate a new recovery agent certificate and private key, and
then write them to files with the filename PathNameWithoutExtension.
/w:PathName
Remove data from unused portions of a volume.
PathName can indicate any directory on the desired volume.
Cipher does not obtain an exclusive lock on the drive.
This option can take a long time to complete and should only be used when necessary.
/x[:PathName] PathNameWithoutExtension
Identifies the certificates and private keys used by EFS for the
currently logged on user and backs them up to a file.
If PathName is provided, the certificate used to encrypt the files
is backed up. Otherwise, the user's current EFS certificate and keys
will be backed up.
The certificates and private keys are written to a file name
PathNameWithoutExtension plus the file extension .pfx.
It is recommended that you always encrypt both the file and the folder in which it resides, this prevents an encrypted file from becoming decrypted when it is modified.
Cipher cannot encrypt files that are marked as read-only.
Cipher will accept multiple folder names and wildcard characters.
You must separate multiple parameters with at least one space.
The /W option will remove data on unused portions of a volume, effectively erasing data that still resides on a hard drive after deletion. See Q814599 for a description of this.
Examples
List encrypted files in the reports folder:
CIPHER c:\reports\*
Encrypt the Reports folder and all subfolders:
CIPHER /e /s:C:\reports
Back up the certificate and private key currently used to encrypt and decrypt EFS files to a file:
CIPHER /x c:\myefsbackup
“He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself” ~ Thomas
Paine
Related:
FSUTIL - File and Volume utilities.
CMDKEY - Manage stored usernames/passwords.
Powershell: ConvertTo-SecureString - Convert to a secure string.