A. New to Windows 2000 and the NTFS 5.0 file system is the Encrypted File System (EFS), which, as the name suggests, is used to encrypt files.
NTFS is a secure file system; however, with more and more people using portables and utilities such as NTFSDos, which bypasses NTFS security, another layer of protection is needed.
EFS uses public and private key encryption and the CryptoAPI architecture. EFS can use any symmetric encryption algorithm to encrypt files; however, the initial release only uses DES. 128-bit keys are used in North America, 40-bit internationally.
No preparation is needed to encrypt files. The first time a user encrypts a file, an encryption certificate for the user and a private key are automatically created.
If encrypted files are moved, they stay encrypted, and if users add files to an encrypted folder, the new files are automatically encrypted. There is no need to decrypt a file before use; the operating system handles this for you automatically and in a secure manner.
In the event of a user's private key being lost (either by reinstallation or new user creation), the EFS recovery agent can decrypt the files.
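
The sketch below is an added illustration, not Microsoft's code, of why the recovery agent can still decrypt a file after the user's private key is gone: the file is encrypted once with a random symmetric key, and that key is stored wrapped under both the user's and the recovery agent's public keys. Textbook RSA over known Mersenne primes and a SHA-256 keystream stand in for CryptoAPI and DES; all function and field names are hypothetical.

```python
import hashlib
import secrets

def toy_rsa_keypair(p, q, e=65537):
    """Textbook RSA from two known primes (stand-in for an EFS key pair)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(pub, fek):
    n, e = pub
    return pow(int.from_bytes(fek, "big"), e, n)

def unwrap(priv, wrapped):
    n, d = priv
    raw = pow(wrapped, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return raw[-16:]  # the file key is 16 bytes; a wrong key yields garbage

def encrypt_file(plaintext, user_pub, recovery_pub):
    fek = secrets.token_bytes(16)  # per-file symmetric key
    return {
        "data": keystream_xor(fek, plaintext),
        "user_field": wrap(user_pub, fek),          # EFS calls this the DDF
        "recovery_field": wrap(recovery_pub, fek),  # EFS calls this the DRF
    }

def decrypt_file(blob, priv, field):
    return keystream_xor(unwrap(priv, blob[field]), blob["data"])

# Constructed keys: Mersenne primes, far too small and structured for real use.
USER_PUB, USER_PRIV = toy_rsa_keypair(2**127 - 1, 2**89 - 1)
RECOVERY_PUB, RECOVERY_PRIV = toy_rsa_keypair(2**107 - 1, 2**61 - 1)
SAMPLE = b"constructed sample document, longer than one keystream block"

def demo():
    blob = encrypt_file(SAMPLE, USER_PUB, RECOVERY_PUB)
    # The user's private key is lost; only the recovery agent's key remains.
    return decrypt_file(blob, RECOVERY_PRIV, "recovery_field")

if __name__ == "__main__":
    print(demo())
```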