How to upload files encrypted using "cipher" to OneDrive so that they are not decrypted

1

I am encrypting files using the Windows built-in command-line tool called cipher. When I copy the encrypted file from a USB to another PC, it is encrypted and it's not accessible on another PC. But if I sync those files from the same PC they were encrypted on, I am getting decrypted copies of the files on OneDrive. Those files are Windows backup files and I don't want to delete the certificate/keys from the policy manager, so that Windows can have uninterrupted access to those files while OneDrive uploads encrypted copies of them.

codekeeper

Posted 2017-03-22T08:27:06.433

Reputation: 36

Answers

2

EFS (as used by cipher) is supposed to be entirely transparent to programs. So when you copy it to an external HD, the OS actually decrypts data first, and encrypts again when writing to the new disk. You aren't just copying around an encrypted bundle as the case would be with PGP or ZIP.

It is possible to obtain the encrypted version of these files, but I don't think Windows has a built-in command for that, only an API meant for use by third-party backup software.

The API in question is OpenEncryptedFileRaw and related functions. I'm not sure what tools make use of it. It seems Bareos or grke/burp might do that.

(I had once written my own program for that – see efs.cs and efs-backup.cs – but I don't even remember how to compile it anymore. Maybe someone else will find the source code useful though.)

Such tools are only usable by administrators or if you assign yourself SeBackupPrivilege.

user1686

Posted 2017-03-22T08:27:06.433

Reputation: 283 655
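
The export path the answer above describes, as an added C# example (not the answer's efs.cs or efs-backup.cs, and not part of the original post): it opens an EFS file with OpenEncryptedFileRaw in export mode and streams the still-encrypted data to a blob file that a sync client can upload. The program name efsraw and its two arguments are assumptions, and it assumes the process already has the access the answer mentions.

```csharp
// Added example: export the raw (still encrypted) EFS stream; "efsraw" is a hypothetical name.
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
static class EfsRawExport
{
    // Matches PFE_EXPORT_FUNC: invoked repeatedly with chunks of the raw data.
    [UnmanagedFunctionPointer(CallingConvention.Winapi)]
    delegate uint ExportCallback(IntPtr data, IntPtr callbackContext, uint length);
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, ExactSpelling = true)]
    static extern uint OpenEncryptedFileRawW(string fileName, uint flags, out IntPtr context);
    [DllImport("advapi32.dll", ExactSpelling = true)]
    static extern uint ReadEncryptedFileRaw(ExportCallback callback, IntPtr callbackContext, IntPtr context);
    [DllImport("advapi32.dll", ExactSpelling = true)]
    static extern void CloseEncryptedFileRaw(IntPtr context);
    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: efsraw <efs-encrypted-file> <output-blob>");
            return 2;
        }
        IntPtr context;
        // flags = 0 opens for export (backup); these functions return Win32 error codes directly.
        uint rc = OpenEncryptedFileRawW(args[0], 0, out context);
        if (rc == 0)
        {
            try
            {
                using (FileStream output = File.Create(args[1]))
                {
                    ExportCallback writeChunk = (data, unused, length) =>
                    {
                        byte[] chunk = new byte[length];
                        Marshal.Copy(data, chunk, 0, (int)length); // copy out of the native buffer
                        output.Write(chunk, 0, chunk.Length);
                        return 0; // ERROR_SUCCESS: continue the export
                    };
                    rc = ReadEncryptedFileRaw(writeChunk, IntPtr.Zero, context);
                }
            }
            finally { CloseEncryptedFileRaw(context); }
        }
        if (rc != 0)
            Console.Error.WriteLine("failed: " + new Win32Exception((int)rc).Message);
        return rc == 0 ? 0 : 1;
    }
}
```

Restoring such a blob goes through the same API family: OpenEncryptedFileRaw with CREATE_FOR_IMPORT, then WriteEncryptedFileRaw. The restored file is readable only with the original EFS certificate and private key.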