Windows 7 Encrypting File System (NTFS Encryption)

As you have seen, BitLocker and BitLocker To Go encrypt the entire drive to protect the integrity of your filesystems. However, sometimes you may need to encrypt just selected files (or folders), not the entire drive. To do this, you can make use of the Encrypting File System, also known as the NTFS Encryption feature of Windows 7.

NTFS Encryption is available only in Windows 7 Professional, Enterprise, and Ultimate. To encrypt a file (or folder), right-click its icon and select Properties. In the General tab, click the Advanced... button. Check the “Encrypt contents to secure data” checkbox and click OK twice.

You will be asked whether you want to encrypt only the file itself, or encrypt its parent folder as well (recommended). Select the option you want and click OK. The file will now be encrypted. If you click the Details button, you will see that the file has been encrypted using a certificate bearing your name (this is created for you automatically).

To allow other users to access your encrypted file, click the Add... button to add the certificates provided by the users. A user who possesses the certificate contained in the certificates list will be able to access your encrypted file.

When you select the certificate name, you will be able to back up the certificate to disk. Doing so allows you to pass your certificate to other users so that they can also access this encrypted file. However, giving your certificate to other users will allow them to access all your encrypted files and folders (that use the same certificate). So, think carefully before you give away your certificates.
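Before sharing a certificate, it helps to know which files are encrypted and which certificates can open them. The following PowerShell script is an added example, not taken from the book; the folder in `$Root` is a placeholder, and it relies on the built-in `cipher.exe /c` switch to list the users and certificate thumbprints that can decrypt each file.

```powershell
# Added example: inventory EFS state for the current user.
$Root   = "$env:USERPROFILE\Documents"   # assumed folder to audit (placeholder)
$EfsOid = '1.3.6.1.4.1.311.10.3.4'       # Encrypting File System enhanced key usage

# 1. Files and folders under $Root that carry the NTFS "Encrypted" attribute.
$encrypted = Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted }
$encrypted | Select-Object FullName, LastWriteTime

# 2. EFS-capable certificates in the personal store. HasPrivateKey shows whether
#    this account can decrypt with the certificate or only holds the public part.
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] -and
        ($_.EnhancedKeyUsages | Where-Object { $_.Value -eq $EfsOid })
    }
}
$efsCerts | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey

# 3. For each encrypted file, list who can decrypt it. Compare the thumbprints
#    printed here with the list from step 2 to see which certificate protects
#    which files before exporting any of them.
foreach ($f in $encrypted | Where-Object { -not $_.PSIsContainer }) {
    cipher /c $f.FullName
}
```

If every file reports the same thumbprint, exporting that one certificate with its private key exposes all of them, which is the situation the paragraph above warns about.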


Creating Certificates
When you encrypt a file using NTFS Encryption, Windows 7 automatically creates an encryption certificate for you if you do not already have one. However, you can also manually create your own encryption certificate using the “Manage file encryption certificates” application (just type “Manage file encryption certificates” in the search box of the Start menu).

By creating your own certificates, you can then encrypt different files using different certificates. Doing so allows you to share specific encrypted files with other users without compromising the integrity of other files.

If you already have a certificate created for you, you should see it now. To view other certificates on your computer, click the “Select certificate” button. If you want to create a new certificate, choose the “Create a new certificate” option and click Next. You will now choose the type of certificate you want to create. If you do not have a smartcard, you should select the first option, where you will create a self-signed certificate stored on your computer. Click Next.

Your certificate will now be created. On the next screen, you have the option to back up your certificate to storage. Supply a path and a password for the backup. Click Next to continue.

Now you have the option to update your encrypted files with the new certificate and key (all your encrypted files will now use this new certificate). Select the drives or folders containing the encrypted files and click Next. That’s it! Your certificate is now created. The certificate is saved as a file with the .pfx extension.


Importing Certificates
When you receive a .pfx certificate from someone else, you can import it into your own certificate store in Windows by double-clicking the .pfx file. When you double-click a .pfx file, the Certificate Import Wizard will appear. Click Next to proceed. You will be asked to specify the location of the .pfx file. When done, click Next. Enter the password that was used to protect the certificate and then click Next twice. Finally, if the importing is successful, click the Finish button.

Source of Information: O'Reilly Windows 7 Up and Running
