CIPHER.exe – Windows CMD Command

Encrypt or Decrypt files and folders.
Without parameters, the cipher will display the encryption state of the current folder and files.
NTFS volumes only.

Syntax:

 Encrypt/Decrypt:
    CIPHER [{/e | /d}] [/s:Folder] [options] [/u[/n]] [{PathName [...]] 

 New recovery agent certificate:
    CIPHER /r:PathNameWithoutExtension

 Remove data:
    CIPHER /w:PathName
Backup Keys:
    CIPHER /x[:PathName]

options:

   /e    Encrypt the folders.
         Folders are marked so that files that are added to the folder later
         are encrypted too.

   /d    Decrypt the folders.
         Folders are marked so that files that are added to the folder later
         are encrypted too.

   /s:Folder
         Performs the operation in the folder and all subfolders.

   /a    Perform the operation for files and directories.

   /i    Continue even after errors occur.
         By default, cipher stops when it encounters an error.

   /f    Force the encryption or decryption of all specified objects.
         By default, cipher skips files that have been encrypted or decrypted already.

   /q    Quiet - Report only essential information.

   /h    Display files with hidden or system attributes.
         By default, these files are not encrypted or decrypted.

   /k    Create a new file encryption key for the user running cipher.

   /u    Update the user's file encryption key or recovery agent's key
         to the current ones in all of the encrypted files on local drives
         (that is, if the keys have been changed).
         This option only works with /n.
   /n    Prevent keys from being updated.
         Use this option to find all of the encrypted files on the local drives.
         This option only works with /u. 

  PathName
         A pattern, file, or folder.

   /r:PathNameWithoutExtension
         Generate a new recovery agent certificate and private key, and 
         then write them to files with the filename PathNameWithoutExtension.

   /w:PathName
         Remove data from unused portions of a volume.
         PathName can indicate any directory on the desired volume.
         Cipher does not obtain an exclusive lock on the drive.
         This option can take a long time to complete and should only be used when necessary.

   /x[:PathName] PathNameWithoutExtension
         Identifies the certificates and private keys used by EFS for the
         currently logged on user and backs them up to a file.
         If PathName is provided, the certificate used to encrypt the files
         is backed up. Otherwise, the user's current EFS certificate and keys
         will be backed up.
         The certificates and private keys are written to a file name
         PathNameWithoutExtension plus the file extension .pfx.

It is recommended that you always encrypt both the file and the folder in which it resides, this prevents an encrypted file from becoming decrypted when it is modified.

Cipher cannot encrypt files that are marked as read-only.
Cipher will accept multiple folder names and wildcard characters.
You must separate multiple parameters with at least one space.

The /W option will remove data on unused portions of a volume, effectively erasing data that still resides on a hard drive after deletion. See Q814599 for a description of this.

Examples

List encrypted files in the reports folder:

CIPHER c:\reports\*

Encrypt the Reports folder and all subfolders:

CIPHER /e /s:C:\reports

Back up the certificate and private key currently used to encrypt and decrypt EFS files to a file:

CIPHER /x c:\myefsbackup