File Systems

Cipher is a command-line tool that is used to manage or display the Encrypting File System feature of NTFS. You can use it to encrypt or decrypt files and folders, and you can set switches to ignore errors and to force encryption on objects that might already be encrypted. You can also create a new encryption key. Cipher is especially useful when manipulating encryption attributes by using batch files.

The syntax of Cipher is:

cipher [/e|/d] [/s:folder] [/a] [/i] [/f] [/q] [/h] [/k] [pathname [...]]

Table 17.13 describes the switches available with Cipher.

Table 17.13 Cipher Switches

| Switch | Description |
|---|---|
| /e | Encrypts the specified folders. Folders are marked so that files added afterward are encrypted. |
| /d | Decrypts the specified folders. Folders are marked so that files added afterward are not encrypted. |
| /s:folder | Performs the specified operation on folders in the specified folder and all subfolders. |
| /a | Specifies that the operation is for files as well as folders. The encrypted file might become decrypted when it is modified if the parent folder is not encrypted. Make sure to encrypt the file and the parent folder. |
| /i | Continues performing the specified operation even after errors have occurred. By default, cipher stops when an error is encountered. |
| /f | Forces the encryption operation on all specified objects, even those that are already encrypted. Already-encrypted objects are skipped by default. |
| /q | Reports only the most essential information. |
| /h | Displays files with the hidden or system attributes. These files are omitted by default. |
| /k | Creates a new file encryption key for the user running Cipher. If this switch is used, all the other switches are ignored. |
| pathname | Specifies a file or folder. Wildcards are acceptable. |
| /? | Displays user help. |

Note

Used without switches, Cipher displays the encryption state of the current folder and any files it contains. You can use multiple folder names and wildcards. Include spaces between multiple switches.
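The following batch file is an added example, not part of the original text. It encrypts a folder tree together with the files it already contains, as the /a description advises, and then uses the display form of Cipher to check that nothing was skipped while /i was in effect. The folder C:\Secret is a hypothetical default, and the check assumes that Cipher's listing prefixes each entry with E (encrypted) or U (unencrypted) and that the display form honors /s: for subfolders.

```bat
@echo off
rem Added example: encrypt a folder tree with Cipher, then verify the result.
rem Usage: encrypt-tree.cmd [folder]   (C:\Secret is a hypothetical default)
setlocal
set "TARGET=%~1"
if "%TARGET%"=="" set "TARGET=C:\Secret"

if not exist "%TARGET%\" (
    echo Folder not found: %TARGET%
    exit /b 1
)

rem /e  mark the folders so files added afterward are encrypted
rem /s: apply the operation to the folder and all of its subfolders
rem /a  include the files that already exist, not only the folders
rem /i  keep going after an error instead of stopping at the first one
rem /q  report only the most essential information
cipher /e /a /i /q /s:"%TARGET%"

rem Because /i suppresses the stop-on-error behavior, list the tree again
rem (including hidden and system files with /h) and look for entries that
rem are still unencrypted. Assumption: listing lines start with "U " for
rem unencrypted entries and "E " for encrypted ones.
cipher /h /s:"%TARGET%" | findstr /r /c:"^ *U "

rem findstr sets errorlevel 0 when it found at least one matching line.
if not errorlevel 1 (
    echo WARNING: the entries listed above are still unencrypted.
    exit /b 2
)

echo No unencrypted entries reported under %TARGET%.
exit /b 0
```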