Operating system encryption

Microsoft Windows: EFS

With the Encrypting File System (EFS), the Windows operating system offers the option of encrypting files and folders that are stored on hard disks that use the NTFS file system. You can find out which file system your hard disk is using by accessing the storage medium properties, for example.
To do so, launch File Explorer, right-click the drive icon (e.g. "Local Disk" C:) and then select "Properties" and the "General" tab. While EFS has been included with all versions of Windows since Windows XP, the Home versions of Microsoft Windows do not support EFS.

Encrypting files and folders

When you right-click a file or folder and then access "Properties", the "Advanced" button offers the option of encrypting the file/folder contents. Objects encrypted using this method can only be opened by the user account that encrypted them. Other computer users who try to access the files/folders from their accounts will instead be shown an error message. Other computer users can explicitly be given access to this data, however. Details of how to do so are provided by Microsoft on its website for Windows XP users. The procedure described there is also applicable to more recent versions of the Windows operating system.

Exporting and importing certificates

Keys and certificates automatically generated by the operating system are typically hidden and cannot be recovered in the event of data loss or a system reinstall. Accordingly, they should be backed up externally. This approach ensures that data can be decrypted even after reinstalling the system. Keys and certificates can be exported using the Microsoft Management Console.

  • To do so, go to the Start menu and access "Run" (or search for "Run" from the Taskbar and then click the app) and then enter "certmgr.msc" into the box provided (omit the quotation marks when you enter this). This application will display the certificates from all users who have already used EFS.
  • Right-click on the certificate that you want to use and select "All Tasks > Export" from the context menu. The Certificate Export Wizard starts. Use the wizard to export the private key, making sure you select the following options:

    • "Include all certificates in the certification path"
    • "Enable certificate privacy"
  • As a final step, you will need to enter a password, which will be used to protect the exported file.
  • Copy the file to an external storage medium (memory card, USB memory stick, CD, etc.) and keep this in a safe and secure place.
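The same backup can also be scripted. The following PowerShell script is an added example, not part of the original page: it checks that the system drive uses NTFS, exports the current user's EFS certificates together with their private keys to password-protected PFX files, and then re-opens each file to confirm the backup is readable. The backup folder E:\efs-backup is a placeholder for your external storage medium.

```powershell
# Added example: back up the current user's EFS certificate(s) and private key(s).
# Assumption: $BackupDir is a placeholder path on an external storage medium.
$BackupDir = 'E:\efs-backup'
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'   # Enhanced Key Usage "Encrypting File System"

# EFS is only available on NTFS volumes, so check the system drive first.
$fs = [System.IO.DriveInfo]::new("$env:SystemDrive\").DriveFormat
if ($fs -ne 'NTFS') {
    Write-Warning "System drive uses $fs; EFS requires NTFS."
}

# Select certificates in the user's personal store that are valid for EFS
# and whose private key is present on this machine.
$certs = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $EfsOid)
}
if (-not $certs) {
    throw 'No EFS certificate with a private key was found for this user.'
}

# The password protects the exported file; it is needed again for the import.
$password = Read-Host -AsSecureString 'Password to protect the exported file'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($cert in $certs) {
    $file = Join-Path $BackupDir ("efs-{0}.pfx" -f $cert.Thumbprint)

    # BuildChain includes all certificates in the certification path.
    Export-PfxCertificate -Cert $cert -FilePath $file `
        -Password $password -ChainOption BuildChain | Out-Null

    # Re-open the file with the same password to verify the backup.
    $pfx = Get-PfxData -FilePath $file -Password $password
    if ($pfx.EndEntityCertificates.Thumbprint -contains $cert.Thumbprint) {
        Write-Host "Backup verified: $file (expires $($cert.NotAfter))"
    } else {
        Write-Warning "Backup could not be verified: $file"
    }
}
```

Run it in the session of the user account that encrypted the files, since the EFS certificate lives in that user's personal certificate store.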

If you want to import the certificate back into Windows at a later point in time, simply double-click the exported file to start the corresponding wizard. A detailed description, which also includes other EFS tips and tricks, is offered by the heise Security website.

Apple Mac OS X: FileVault

FileVault is a feature offered by the Mac OS X operating system that allows Apple users to apply an extra level of security to their data. In its initial version, FileVault encrypted only the user directory (up to operating system version 10.6, Snow Leopard). From Mac OS X 10.7 (Lion) onwards, however, FileVault 2 encrypts entire hard disk partitions. Details about how to activate and use FileVault are provided by Apple on its website. Encrypting an entire partition with FileVault does not aim to protect data from access by other users of the computer but instead works to protect the data from third-party access in the event of the computer being lost.

To protect data from other, legitimate users of the same computer, Mac OS X offers the option of creating encrypted disk images. This involves using the hard drive utility program to create a password-protected file, whose contents are then encrypted. When this file is opened (and the password is entered), the file is treated like a hard disk by the operating system. Any kind of file can be stored within it. Apple provides detailed instructions for creating these kinds of images.