Backup Encrypting File System Certificate and Key in Windows 10  

Page 1 of 2 12 LastLast
    Backup Encrypting File System Certificate and Key in Windows 10

    Backup Encrypting File System Certificate and Key in Windows 10

    How to Back Up Your EFS File Encryption Certificate and Key in Windows 10
    Published by Category: Security System
    13 Aug 2020
    Designer Media Ltd
     

    How to Back Up Your EFS File Encryption Certificate and Key in Windows 10


    The Encrypting File System (EFS) is the built-in encryption tool in Windows used to encrypt files and folders on NTFS drives to protect them from unwanted access. EFS enables transparent encryption and decryption of files for your user account by using advanced, standard cryptographic algorithms. Any individual or app that doesn't possess the appropriate file encryption key cannot open any encrypted files and folders. Encryption is the strongest protection that Windows provides to help you keep your individual files and folders secure.

    Creating a backup of your file encryption certificate and key to a PFX file helps you avoid permanently losing access to your encrypted files and folders if the original certificate and key are lost or corrupted.

    If you lose access to your encrypted files and folders, you will not be able to open them again unless you are able to restore your file encryption certificate and key used with EFS.

    This tutorial will show you how to back up your file encryption certificate and key used with Encrypting File System (EFS) in Windows 10 Pro, Enterprise, and Education editions.

    When you back up your file encryption certificate and key using an option below, you will be required to enter a password used to protect the private key to maintain the security of your encrypted files and folders.

    No one will be able to restore the backed up file encryption certificate and key to gain access to your encrypted files and folders unless they are able to enter this password.

    It is extremely important that you do not lose this password. Keep it written down in a safe secure location in case you need to restore your backed up file encryption certificate and key.

    Be sure to also keep the PFX file backup of your file encryption certificate and key saved in a safe and secure location in case you need to restore your backed up file encryption certificate and key.



    Contents

    • Option One: To Backup your Current EFS File Encryption Certificate and Key from EFS Notification or Icon
    • Option Two: To Backup your EFS File Encryption Certificate(s) and Key(s) in Certificates Manager
    • Option Three: To Backup your Current EFS File Encryption Certificate and Key in Command Prompt






    OPTION ONE

    To Backup your Current EFS File Encryption Certificate and Key from EFS Notification or Icon


    You will see the EFS notification and icon whenever a new file encryption certificate and key has been created.

    This is usually after the first time you encrypt a file or folder, or manually create a new key using the Cipher command.


    1 Either click/tap on the EFS notification or taskbar icon. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-1.jpg

    2 Click/tap on Back up now. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-2.jpg

    3 Click/tap on Next. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-3.jpg

    4 Check the Password box, enter a password you want to protect the private key backup with, enter this password again to confirm, and click/tap on Next. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-4.jpg

    5 Click/tap on the Browse button, navigate to where you want to save the backup to, enter a file name you want for the backup, click/tap on Save, and click/tap on Next. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-5.jpg

    6 Click/tap on Finish. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-6.jpg

    7 When the export has successfully finished, click/tap on OK. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-7.jpg






    OPTION TWO

    To Backup your EFS File Encryption Certificate(s) and Key(s) in Certificates Manager


    1 Press the Win + R keys to open Run, type certmgr.msc into Run, and click/tap on OK to open Certificates Manager.

    2 In the left pane of certmgr, expand open the Personal store, and open Certificates. (see screenshots below step 3)

    3 In the right pane of Certificates, select all certificates for Encrypting File System under the "Intended Purpose" column, right click or press and hold on these selected certificates, click/tap on All Tasks, and click/tap on Export. (see screenshots below)

    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate-1.jpg
    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate-1b.jpg

    4 Click/tap on Next. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate-2.jpg

    5 Select (dot) Yes, export the private key, and click/tap on Next. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate-3.jpg

    6 Click/tap on Next. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate-4.jpg

    7 Check the Password box, enter a password you want to protect the private key backup with, enter this password again to confirm, and click/tap on Next. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-4.jpg

    8 Click/tap on the Browse button, navigate to where you want to save the backup to, enter a file name you want for the backup, click/tap on Save, and click/tap on Next. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-5.jpg

    9 Click/tap on Finish. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-6.jpg

    10 When the export has successfully finished, click/tap on OK. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-notification_backup_efs_certificate-7.jpg






    OPTION THREE

    To Backup your Current EFS File Encryption Certificate and Key in Command Prompt


    1 Open a command prompt.

    2 Copy and paste the command below into the command prompt, and press Enter. (see screenshot below)

    cipher /x "%UserProfile%\Desktop\MyEFSCertificates"

    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate_command-1.jpg

    3 Click/tap on OK. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate_command-2.jpg

    4 Type a password you want to protect the private key backup with in the command prompt, and press Enter. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate_command-3.jpg

    5 Type this password password again to confirm, and press Enter. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate_command-4.jpg

    6 When your EFS certificate has been backed up successfully, you can close the command prompt if you like. (see screenshot below)

    Backup Encrypting File System Certificate and Key in Windows 10-backup_efs_certificate_command-5.jpg

    7 A MyEFSCertificates.PFX file has now been save to your desktop. This is the backup of your current file encryption certifcate and key.


    That's it,
    Shawn




  1. Posts : 51
    Win10 Pro N installed AND activated
       #1

    Certificate Export Wizard, I was just spammed with this. I don't know what it is all I do know is I'm reinstalling windows 10 2004 and want to make it fully set up and defragmented before I clone from the raid array to my SSD. I have not encrypted any files so should I even need this key? I checked and it has nothing to do with bitlocker encryption, its turned off for every drive. Its very inconvenient and annoying to have to deal with this in the middle of trying to setup windows 10 again. I did intend to clone a previous install but it had a nasty habbit of forgeting my second ssd which (eventually) I found could be solved by scanning for hardware changes from disk management or device manager, but, not always; it could be greyed out. Also I have setup autologin whereas I think if you enable pin code it locks out that functionality.

    Right now I have cancelled it as I fear creating a certificate may enable this feature. Its quite unbelievable that they have this kind of popup in the latest version of windows. Its like "do this or we may block you from accessing your files", how is that not similar to a ransomware attack? There is no help even if you search from the start menu (I have searching bing through start menu turned off).
      My Computer

  2. Brink's Avatar
    Posts : 56,987
    64-bit Windows 10 Pro for Workstations build 21376
    Thread Starter
       #2

    sgtsixpack said:
    Certificate Export Wizard, I was just spammed with this. I don't know what it is all I do know is I'm reinstalling windows 10 2004 and want to make it fully set up and defragmented before I clone from the raid array to my SSD. I have not encrypted any files so should I even need this key? I checked and it has nothing to do with bitlocker encryption, its turned off for every drive. Its very inconvenient and annoying to have to deal with this in the middle of trying to setup windows 10 again. I did intend to clone a previous install but it had a nasty habbit of forgeting my second ssd which (eventually) I found could be solved by scanning for hardware changes from disk management or device manager, but, not always; it could be greyed out. Also I have setup autologin whereas I think if you enable pin code it locks out that functionality.

    Right now I have cancelled it as I fear creating a certificate may enable this feature. Its quite unbelievable that they have this kind of popup in the latest version of windows. Its like "do this or we may block you from accessing your files", how is that not similar to a ransomware attack? There is no help even if you search from the start menu (I have searching bing through start menu turned off).
    Hello,

    You're not the only one reporting this.

    Currently, it appears to be caused by some installed 3rd party program encrypting one of its files.

    Creating a backup of the encryption key and certificate will stop the message though.
      My Computers

  3. Ivan Petrov's Avatar
    Posts : 188
    Windows 10 Home 20H2
       #3

    Hello everyone and thanks to @Brink for this tutorial.

    Soon I will receive and download a certificate from local autorities and since I have zero experience with that, would like to know how this works on windows 10 Home.
    My concern is, more specific: In case I do a clean install of the OS, I need to backup this pfx-file on external harddisk, for example. How?
    What I have to do after that - install, import, export or something else?

    Thanks to all and happy and healthy holidays!
    Ivan
      My Computer

  4. Brink's Avatar
    Posts : 56,987
    64-bit Windows 10 Pro for Workstations build 21376
    Thread Starter
       #4

    Ivan Petrov said:
    Hello everyone and thanks to @Brink for this tutorial.

    Soon I will receive and download a certificate from local autorities and since I have zero experience with that, would like to know how this works on windows 10 Home.
    My concern is, more specific: In case I do a clean install of the OS, I need to backup this pfx-file on external harddisk, for example. How?
    What I have to do after that - install, import, export or something else?

    Thanks to all and happy and healthy holidays!
    Ivan
    Hello Ivan,

    I'm afraid encryption is not included in the Windows 10 Home edition.
      My Computers

  5. Ivan Petrov's Avatar
    Posts : 188
    Windows 10 Home 20H2
       #5

    Brink said:
    Hello Ivan,

    I'm afraid encryption is not included in the Windows 10 Home edition.
    Thanks, Brink, I don't intend to encrypt anything, forgot to mention...

    Can I just copy-paste the original pfx-file in order to keep a copy of it somewhere safe?
    What I do with this file then: right-click and instal or via Certificates Manager - import and so on...? ... according to option 2 in:

    Import Encrypting File System Certificate and Key in Windows 10

    Sorry, it is a mess in my head...
      My Computer

  6. Brink's Avatar
    Posts : 56,987
    64-bit Windows 10 Pro for Workstations build 21376
    Thread Starter
       #6

    Ivan Petrov said:
    Thanks, Brink, I don't intend to encrypt anything, forgot to mention...

    Can I just copy-paste the original pfx-file in order to keep a copy of it somewhere safe?
    What I do with this file then: right-click and instal or via Certificates Manager - import and so on...? ... according to option 2 in:

    Import Encrypting File System Certificate and Key in Windows 10

    Sorry, it is a mess in my head...
    You can't import it in Windows 10 Home, but you can save the backed up PFX file anywhere you like for safe keeping.

    You would use that import method if needed to restore it in a Windows 10 Pro, Education, or Enterprise edition.
      My Computers

  7. Ivan Petrov's Avatar
    Posts : 188
    Windows 10 Home 20H2
       #7

    Brink said:
    You can't import it in Windows 10 Home, but you can save the backed up PFX file anywhere you like for safe keeping.

    You would use that import method if needed to restore it in a Windows 10 Pro, Education, or Enterprise edition.

    Thank you, Brink, last question:

    Am I able to use right-click and install as from your screenshot:

    Backup Encrypting File System Certificate and Key in Windows 10-untitled.png
    Thank you one more time and enjoy the holidays!
      My Computer

  8. Brink's Avatar
    Posts : 56,987
    64-bit Windows 10 Pro for Workstations build 21376
    Thread Starter
       #8

    Ivan Petrov said:
    Thank you, Brink, last question:

    Am I able to use right-click and install as from your screenshot:

    Thank you one more time and enjoy the holidays!
    Not in Windows 10 Home, but you can in the other supported editions.
      My Computers

  9. Ivan Petrov's Avatar
    Posts : 188
    Windows 10 Home 20H2
       #9

    Brink said:
    Not in Windows 10 Home, but you can in the other supported editions.

    Thanks, marked as closed.
      My Computer


 
Page 1 of 2 12 LastLast

Tutorial Categories

Backup Encrypting File System Certificate and Key in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:21.
Find Us




Windows 10 Forums