I have a problem with efs filesystem encryption windows xp

August 27, 2020 by Brayden Callaghan


TIP: Click on this link to repair Windows errors and increase system performance.

These instructions identify some possible causes that can cause efs windows xp file system encryption. Then you can try to solve the problem by suggesting possible solutions.

  1. Right click on the folder you want to encrypt and select Properties.
  2. On the General tab, click the Advanced button.
  3. In the Advanced Attributes window, select the Encrypt content to protect data check box.
  4. Click OK and then OK again.



EFS - Encrypt The File System. Encrypted Files And Folders

Internal EFS

EFS uses symmetric key encryption in combination with public key technology to protect files. The file data is encrypted with the symmetric algorithm (DESX).

The key used for symmetric encryption is called the file encryption key (FEK). The FEK, in turn, is encrypted using a public / private key algorithm (RSA) and stored in a file.

The reason for using two different algorithms is the encryption speed. The performance load of asymmetric algorithms is too great to be used to encrypt large amounts of data. Symmetric algorithms are about 1000 times faster and therefore suitable for encrypting large amounts of data.

encrypting file system efs windows xp

As the first installation for encrypting files, NTFS creates a log file named Efs0.log in the System Volume Information folder on the same drive as the encrypted file. EFS then accesses the CryptoAPI context. It uses Microsoft Base Cryptographic Provider 1.0 as its encryption provider. When the context openst encryption, EFS generates a file encryption key (FEK).

February 2021 Update:

We now suggest using this software program for your issue. Also, Reimage repairs typical computer system errors, defends you from file loss, malicious software, computer system failures and optimizes your Pc for maximum performance. You can fix your Pc challenges swiftly and prevent others from happening by using this software:

  • Step 1 : Download and install Computer Repair & Optimizer Tool (Windows 10, 8, 7, XP, Vista - Microsoft Certified).
  • Step 2 : Click on “Begin Scan” to uncover Pc registry problems that may be causing Pc difficulties.
  • Step 3 : Click “Repair All” to fix all errors.


The next step is to get a public / private key pair. If it does not exist at this point (the case when EFS is called for the first time), EFS creates a new pair. EFS uses a 1024-bit RSA algorithm for FEK encryption.

EFS then creates a data decryption field (DDF) for the current user, into which the FEK is placed and encrypted with the public key. If the recovery agent is installed by system policy, EFS will also create a data recovery field (DRF) and place an FEK there, which is encrypted with the recovery agent's public key.

How do I open EFS encrypted files?

If you encrypted a file using EFS or third-party software, you can use its file properties to unlock it. In Explorer, right-click the file, select Advanced, and uncheck Encrypt content to back up data. If that doesn't work, contact your software vendor.

A separate DRA is created for each specific recovery agent. Note that a recovery agent is not defined in Windows XP that is not part of a domain. Therefore, this step is omitted.

A temporary file Efs0.tmp will now be created in the same folder as the file to be encrypted. The content of the original file (plain text) is copied to a temporary file, after which the original is overwritten with encrypted data.

By default, EFS uses an algorithmDESX rhythm with 128-bit key to encrypt file data. However, Windows can also be configured to use the more powerful 168-bit key 3DES algorithm. In this case, the use of FIPS-compliant algorithms must be enabled in the LSA policy (disabled by default):

EFS uses the registry to determine whether to use DESX or 3DES. If HKLM \ SYSTEM \ CurrentControlSet \ Control \ LSA \ FipsAlgorithmPolicy = 1, 3DES is used.

Otherwise, EFS will check HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ EFS \ AlgorithmID (this value may be missing). If available, it has the identifier CALG_3DES or CALG_DESX, otherwise DESX should be used.

After the file is encrypted, only users with the correct DDF or DRF will be able to access the file. This mechanism is different from general security. This means that in addition to file permissions, the FEK file must be encrypted with the user's public key.

How does the Microsoft Encrypting File System EFS work?

EFS encrypts a file using a symmetric mass key, also known as a file encryption key (FEK). A symmetric encryption algorithm is used because it takes less time to encrypt and decrypt large amounts of data than with asymmetric key encryption.

Only users who can decrypt the FEK with their private key can access the file. As a result, the user who has access to the file can encrypt it, which does not allowAllows the owner to access their own file.

Initially, only DDF is generated for users who will encrypt the file. Later, he can add additional users to the keychain. In this case, EFS simply decrypts the FEK using the private key of the user who wants to give the other user access to the file and encrypts the FEK using the target user's public key, creating a new DDF that is registered with the first.

The system first checks to see if the user has the private key used by EFS. If so, it reads the EFS attributes and searches the DDF DDF ring for the current user.

If a DDF is found, the user's private key will be used to decrypt the FEK extracted from the DDF. After FEK decryption, EFS decrypts the file data. Note that the file is never fully decrypted, but only sector by sector when a higher level module requests a specific sector.

The recovery process is similar to decryption, except that the private key of the recovery agent is used to decrypt the FEK in the DRF.Updates, not DDF:

The DRA policy is implemented differently for Windows 2000 and Windows XP. In Windows 2000, on non-domain computers, the local administrator is added by default to the public key policy as an encrypted data recovery agent.

When a user encrypts a file, DDF and DRF fields are generated. If the last DRA is removed, all EFS features are disabled and file encryption becomes impossible.

The situation is different in Windows XP. Since most independent home users do not need anyone other than themselves to decrypt files, a Data Recovery Agent is not required, so no public key policy is required. 'does not include DRA, and EFS works without DRA. In this case, only one DDF is generated for the encrypted file.

What algorithm does Windows EFS use?

EFS uses a 1024-bit RSA algorithm for FEK encryption. EFS then creates a data decryption field (DDF) for the current user where the FEK resides and is encrypted with the public key.



RECOMMENDED:Click this link to repair Windows system errors and increase system speed






Related posts:

  1. Access Windows Nt File System Mac
  2. Windows Vista File System
  3. Csc Cache File System Windows 7
  4. Windows File System Attributes
  5. File System Consistency Check Windows
  6. Windows 2003 Corrupt System File
  7. Network File System Windows 2008 R2
  8. Windows Has Found Problems With The File System
  9. File System Test Sw File Integrity
  10. Which Windows File System Enables Journaling And Access Control Lists