윈도우즈 10에서 특정 폴더/파일만 암호화

갑자기 하드디스크 내의 특정 폴더와 파일만 암호화 하여 본인 계정으로만 볼 수 있게 할 방법이 궁금해졌다.

 

ChatGPT 에 물어보니 NTFS 포맷 디스크의 경우는 별도의 소프트웨어가 없이도 윈도우즈 10 프로 이상의 버전이면 가능하다고 한다. 하지만 exFAT 일 경우는 조금 불편하다. 비트락커를 사용하면 전체 볼륨을 처리하는 것 같고, 써드파티 소프트웨어 사용은 좀 꺼려진다. 결국 방법은 NTFS 로 포맷을 전환하는 것을 권하는데, 미리 데이터 백업을 잘 받아두고 시도하라고 한다. 6TB 정도 되는 외장 하드의 경우 백업 받는것도 일이다. NTFS로 되어 있길 기대하며 체크해 봐야 할 듯.

 

You

 

I use Windows 10. Is there a way to encrypt some folders and files only by Windows so that only my account can access them, not allowed to the other account?

ChatGPT

Yes, Windows 10 provides a built-in feature called Encrypting File System (EFS) that allows you to encrypt individual files and folders on NTFS drives. Files and folders encrypted with EFS can only be accessed by the user account that encrypted them, making it an ideal solution for securing sensitive data from other users on the same system. Here's how you can encrypt folders and files using EFS:

1. Right-click the file or folder you want to encrypt.
2. Select Properties from the context menu.
3. Click on the Advanced button under the General tab.
4. In the Advanced Attributes dialog, check the option Encrypt contents to secure data.
5. Click OK, and then Apply.
6. You'll be prompted to choose whether you want to encrypt the folder only or the folder and all its contents. Choose the option that best fits your needs.
7. After selecting your option, click OK and then Apply in the Properties window.

A few things to note about using EFS:

• EFS is available only on Windows 10 Pro, Enterprise, and Education editions. It's not available on Windows 10 Home edition.
• EFS encryption is tied to your user account. Make sure you back up your encryption certificate and key. If your account becomes inaccessible, or you move the file to another computer or account, you won't be able to access your encrypted files without the key.
• EFS encrypts files at the file system level. This means the encryption is transparent to the user who encrypted the files. However, the files are encrypted on disk and require decryption to be accessed, which happens automatically when accessed by the encrypting user.
• While EFS is secure, it's always a good idea to also maintain backups of your important data, preferably in a secure location.

 

To back up your encryption certificate and key:

 

1. Press the Windows key and type "certificate".
2. Click on Manage user certificates.
3. In the left pane, expand Personal and click Certificates.
4. Find the certificate with "Encrypting File System" under the Intended Purposes column.
5. Right-click the certificate, select All Tasks, and then Export.
6. Follow the Certificate Export Wizard, making sure to select "Yes, export the private key" and set a strong password to protect the file.

By following these steps, you can ensure that your encrypted files and folders are accessible only by your user account, adding an extra layer of security to your sensitive data.

User
Is this only usable for a NTFS formatted disk, not an exFAT?

ChatGPT

 

Yes, the Encrypting File System (EFS) feature is specifically designed to work with the NTFS file system and is not suppo

rted on exFAT or FAT32 file systems. This limitation exists because EFS relies on the advanced security features and architecture of NTFS to provide encryption directly within the file system. NTFS supports detailed file permissions and encryption at the file level, which are necessary for EFS to function correctly.

 

If you're using an exFAT-formatted disk and need encryption, you won't be able to use EFS. However, you have other options for encrypting your data:

1. BitLocker To Go: If you're using Windows 10 Pro, Enterprise, or Education editions, you can use BitLocker To Go to encrypt external drives and USB flash drives, which can be formatted with exFAT. BitLocker To Go encrypts the entire drive rather than individual files or folders.
2. Third-party encryption software: There are several third-party encryption solutions available that support various file systems, including exFAT. These software options can provide file or folder encryption, full disk encryption, or both. Examples include VeraCrypt, AxCrypt, and others. They can be used to encrypt data on internal as well as external drives, regardless of the file system.
3. Converting exFAT to NTFS: If the data compatibility with other operating systems (which might not support NTFS as well as exFAT) is not a concern, you could consider converting your exFAT drive to NTFS. Windows includes a command-line utility to convert file systems from exFAT to NTFS without losing data. However, always back up your data before attempting any file system conversion.

Remember, while BitLocker and third-party solutions can offer robust encryption for your data, the approach and features differ from EFS. For instance, BitLocker encrypts the entire drive, which may or may not be desirable depending on your needs. Third-party solutions offer flexibility but require trusting and managing additional software on your system.