Windows – When multiple Encrypting File System certificates are installed, which one is used for encryption

Tags: certificate, encryption, ntfs, security, windows 7

To encrypt a file or folder in Windows, you basically go to its Properties and check Encrypt contents to secure data. Windows will use the certificate for Encrypting File System (EFS) that is installed in the Certificates Manager (certmgr.msc) that usually goes under Personal → Certificates. So when there is only one EFS certificate available, you know which one is used to encrypt files.

In my case, I have several EFS certificates installed. I don't know which one is the original one and which ones were installed later, and more importantly, I don't know which one is actually used to encrypt a file when I check that box.

Is there any way to know exactly which certificate is used for encryption?

In Microsoft's instructions for Backing up Encrypting File System (EFS) certificate it says "If there is more than one EFS certificate, you should back up all of them." Does that mean all installed certificates will be used for encrypting files and therefore all of them will be needed for decrypting?

Best Answer

Answering myself:

Use this command to list all encrypted files on the system:

cipher /u /n

Use this command to display certificate info for the specified file:

cipher /c <file>

By default Windows uses the EFS certificate that expires latest for encrypting files and folders. The easiest way to manage EFS certificates in Windows is to use the Manage File Encryption Certificates wizard (rekeywiz) to renew and back up certificates.
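To make the answer above checkable on your own machine, here is an added PowerShell example (not part of the original answer): it lists every certificate in the current user's Personal store that carries the Encrypting File System enhanced key usage, picks the one with the latest expiry (the one the answer says Windows uses by default), and then runs cipher /c on a file of your choice to compare the thumbprints that can decrypt it against the store. The file path is a placeholder you pass in, and the regular expression assumes that cipher /c prints each key as a line containing "thumbprint:" followed by hex digits, which is how the output has looked on the Windows versions I have seen; adjust the pattern if your build prints it differently.

```powershell
# Added example, not from the original answer.
# Usage:  .\Find-EfsCert.ps1 -Path 'C:\Users\me\Documents\secret.txt'
param(
    # Assumed sample path; replace with an EFS-encrypted file on your system
    [string]$Path = "$env:USERPROFILE\Documents\secret.txt"
)

# Enhanced Key Usage OID that marks a certificate as usable for EFS
$efsOid = '1.3.6.1.4.1.311.10.3.4'

# Every certificate in Personal (Cert:\CurrentUser\My) that lists the EFS EKU
$efsCerts = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $efsOid }
}

if (-not $efsCerts) {
    Write-Warning 'No EFS certificates found in the Personal store.'
    return
}

'EFS certificates in Personal store, newest expiry first:'
$efsCerts | Sort-Object NotAfter -Descending |
    Select-Object Thumbprint, Subject, NotBefore, NotAfter, HasPrivateKey |
    Format-Table -AutoSize

# The certificate Windows picks for NEW encryption by default: latest NotAfter
$default = $efsCerts | Sort-Object NotAfter -Descending | Select-Object -First 1
"Default certificate for new encryption (latest expiry): $($default.Thumbprint)"

# Now ask cipher.exe which keys can decrypt the given file and match them to the store
if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "File not found: $Path (pass -Path to an encrypted file)"
    return
}

$raw = & cipher.exe /c $Path 2>&1
# Assumption: each key is reported on a line like "Certificate thumbprint: 1A2B 3C4D ..."
$usedThumbprints = $raw |
    Select-String -Pattern 'thumbprint:\s*([0-9A-Fa-f ]+)' |
    ForEach-Object { ($_.Matches[0].Groups[1].Value -replace '\s', '').ToUpper() } |
    Sort-Object -Unique

if (-not $usedThumbprints) {
    Write-Warning 'cipher /c reported no thumbprints; the file may not be EFS-encrypted.'
    $raw
    return
}

"Keys that can decrypt $Path :"
foreach ($t in $usedThumbprints) {
    $cert = $efsCerts | Where-Object { $_.Thumbprint -eq $t }
    if ($null -eq $cert) {
        # Thumbprint not in this user's Personal store: another user, a recovery agent,
        # or a certificate that was removed. Back it up or you cannot decrypt the file.
        "  $t  -> NOT in Personal store (recovery agent, other user, or missing key)"
    } elseif (-not $cert.HasPrivateKey) {
        "  $t  -> in store but private key missing; decryption will fail"
    } elseif ($t -eq $default.Thumbprint) {
        "  $t  -> matches the default (latest-expiry) certificate"
    } else {
        "  $t  -> older EFS certificate; keep its backup for this file"
    }
}
```

The last loop is the practical answer to the "back up all of them" question: a file encrypted before a newer certificate was installed still references the older thumbprint, so any thumbprint that cipher /c reports but that is missing from the store, or present without its private key, is one you cannot decrypt with and should restore from backup before it is needed.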