How to Back Up Your EFS File Encryption Certificate and Key in Windows 10
The Encrypting File System (EFS) is the built-in encryption tool in Windows used to encrypt files and folders on NTFS drives to protect them from unwanted access. EFS enables transparent encryption and decryption of files for your user account by using advanced, standard cryptographic algorithms. Any individual or app that doesn't possess the appropriate file encryption key cannot open any encrypted files and folders. Encryption is the strongest protection that Windows provides to help you keep your individual files and folders secure.
Creating a backup of your file encryption certificate and key to a PFX file helps you avoid permanently losing access to your encrypted files and folders if the original certificate and key are lost or corrupted.
If you lose access to your encrypted files and folders, you will not be able to open them again unless you are able to restore your file encryption certificate and key used with EFS.
This tutorial will show you how to back up your file encryption certificate and key used with Encrypting File System (EFS) in Windows 10 Pro, Enterprise, and Education editions.
When you back up your file encryption certificate and key using an option below, you will be required to enter a password used to protect the private key to maintain the security of your encrypted files and folders.
No one will be able to restore the backed up file encryption certificate and key to gain access to your encrypted files and folders unless they are able to enter this password.
It is extremely important that you do not lose this password. Keep it written down in a safe secure location in case you need to restore your backed up file encryption certificate and key.
Be sure to also keep the PFX file backup of your file encryption certificate and key saved in a safe and secure location in case you need to restore your backed up file encryption certificate and key.
Contents
- Option One: To Backup your Current EFS File Encryption Certificate and Key from EFS Notification or Icon
- Option Two: To Backup your EFS File Encryption Certificate(s) and Key(s) in Certificates Manager
- Option Three: To Backup your Current EFS File Encryption Certificate and Key in Command Prompt
You will see the EFS notification and icon whenever a new file encryption certificate and key has been created.
This is usually after the first time you encrypt a file or folder, or manually create a new key using the Cipher command.
1 Either click/tap on the EFS notification or taskbar icon. (see screenshot below)
2 Click/tap on Back up now. (see screenshot below)
3 Click/tap on Next. (see screenshot below)
4 Check the Password box, enter a password you want to protect the private key backup with, enter this password again to confirm, and click/tap on Next. (see screenshot below)
5 Click/tap on the Browse button, navigate to where you want to save the backup to, enter a file name you want for the backup, click/tap on Save, and click/tap on Next. (see screenshot below)
6 Click/tap on Finish. (see screenshot below)
7 When the export has successfully finished, click/tap on OK. (see screenshot below)
1 Press the Win + R keys to open Run, type certmgr.msc into Run, and click/tap on OK to open Certificates Manager.
2 In the left pane of certmgr, expand open the Personal store, and open Certificates. (see screenshots below step 3)
3 In the right pane of Certificates, select all certificates for Encrypting File System under the "Intended Purpose" column, right click or press and hold on these selected certificates, click/tap on All Tasks, and click/tap on Export. (see screenshots below)
4 Click/tap on Next. (see screenshot below)
5 Select (dot) Yes, export the private key, and click/tap on Next. (see screenshot below)
6 Click/tap on Next. (see screenshot below)
7 Check the Password box, enter a password you want to protect the private key backup with, enter this password again to confirm, and click/tap on Next. (see screenshot below)
8 Click/tap on the Browse button, navigate to where you want to save the backup to, enter a file name you want for the backup, click/tap on Save, and click/tap on Next. (see screenshot below)
9 Click/tap on Finish. (see screenshot below)
10 When the export has successfully finished, click/tap on OK. (see screenshot below)
1 Open a command prompt.
2 Copy and paste the command below into the command prompt, and press Enter. (see screenshot below)
cipher /x "%UserProfile%\Desktop\MyEFSCertificates"
3 Click/tap on OK. (see screenshot below)
4 Type a password you want to protect the private key backup with in the command prompt, and press Enter. (see screenshot below)
5 Type this password password again to confirm, and press Enter. (see screenshot below)
6 When your EFS certificate has been backed up successfully, you can close the command prompt if you like. (see screenshot below)
7 A MyEFSCertificates.PFX file has now been save to your desktop. This is the backup of your current file encryption certifcate and key.
That's it,
Shawn
Related Tutorials
- How to Encrypt Files and Folders with Encrypting File System (EFS) in Windows 10
- How to Decrypt Files and Folders Encrypted with EFS in Windows 10
- How to Find and List All Your EFS Encrypted Files in Windows 10
- How to Import Your EFS File Encryption Certificate and Key in Windows 10
- How to Change or Remove Lock Icon on Encrypted Files and Folders in Windows 10
- How to Turn On or Off to Index Encrypted Files in Windows 10