Encrypting File System (EFS) is a Windows built-in encryption tool used to encrypt files and folders on NTFS drives, to protect them from unwanted access.
EFS enables transparent encryption and decryption of files for user accounts, using standard, advanced encryption algorithms. Any person or application that does not have the proper file encryption key cannot open any encrypted files and folders. Encryption is the strongest protection Windows offers to help you keep your personal files and folders safe.
Creating certificate backups and PFX file encryption key help you avoid losing your permanent access to encrypted files and folders, if the certificate and root key are lost or damaged.
If you lose access to your encrypted files and folders, you won’t be able to reopen them unless you can restore the certificate and file encryption key used with EFS.
This tutorial will show you how to back up the certificate and file encryption key used with the Encrypting File System (EFS) in Windows 10 Pro, Enterprise, and Education editions.
Backup the existing EFS file encryption key and certificate from EFS symbol or message
You will see an EFS icon and message whenever a new file encryption key and certificate is generated.
This usually happens after you first encrypting a file or folder or manually generating a new key using the Cipher command.
1. Click the taskbar icon or EFS message.
2. Click Back up now .
3. Click Next.
4. Check the box Password , enter the password you want to protect your private key backup, re-enter this password to confirm and click Next.
5. Click the Browse button, navigate to where you want to save the backup, enter the file name you want, click Save> Next.
6. Click Finish.
7. When the export is finished successfully, press OK.
Back up the EFS certificate and encryption key in the Certificates Manager
1. Press Win + R to open Run , enter certmgr.msc into Run and click OK to open the Certificates Manager.
2. In the left panel of certmgr , expand Personal and open Certificates.
3. In the right panel of Certificates , select all the certificates for Encrypting File System in the Intended Purpose column, right-click or long-click on these selected certificates, click All Tasks> Export .
4. Click Next.
5. Select Yes, export the private key and click Next.
6. Click Next.
7. Check the box Password , enter the password you want to protect your private key backup, re-enter this password to confirm and click Next.
8. Click the Browse button, navigate to where you want to save the backup, enter the filename you want for the backup, click Save> Next .
9. Click Finish.
10. When the export is finished successfully, click OK.
- How to encrypt files and folders using EFS on Windows 10
Back up the current EFS file encryption key and certificate in the Command Prompt
1. Open Command Prompt.
2. Copy and paste the command below into the Command Prompt, and then press Enter.
cipher /x "%UserProfile%DesktopMyEFSCertificates"
3. Click OK.
4. Enter the password you want to protect private key backup from in Command Prompt and press Enter.
5. Re-type this password to confirm and press Enter.
6. Once the EFS certificate has been backed up successfully, you can close the Command Prompt if you want.
7. The file MyEFSCertificates.PFX is now saved to the desktop. This is a backup copy of your current file encryption key and certificate.