Encrypt or Decrypt files and folders.

Without parameters cipher will display the encryption state of the current folder and files.

NTFS volumes only.

Syntax: Encrypt/Decrypt: CIPHER [{/e | /d}] [/s:Folder] [options] [/u[/n]] [{PathName [...]] New recovery agent certificate: CIPHER /r:PathNameWithoutExtension Remove data: CIPHER /w:PathName Backup Keys: CIPHER /x[:PathName]

options: /e Encrypt the folders. Folders are marked so that files that are added to the folder later are encrypted too.

/d Decrypt the folders. Folders are marked so that files that are added to the folder later are encrypted too.


Performs the operation in the folder and all subfolders.

/a Perform the operation for files and directories.

/i Continue even after errors occur. By default, cipher stops when it encounters an error.

/f Force the encryption or decryption of all specified objects. By default, cipher skips files that have been encrypted or decrypted already.

/q Quiet - Report only essential information.

/h Display files with hidden or system attributes. By default, these files are not encrypted or decrypted.

/k Create a new file encryption key for the user running cipher.

/u Update the user's file encryption key or recovery agent's key to the current ones in all of the encrypted files on local drives (that is, if the keys have been changed). This option only works with /n.

/n Prevent keys from being updated. Use this option to find all of the encrypted files on the local drives. This option only works with /u.


A pattern, file, or folder.


Generate a new recovery agent certificate and private key, and then write them to files with the filename PathNameWithoutExtension.


Remove data from unused portions of a volume. PathName can indicate any directory on the desired volume. Cipher does not obtain an exclusive lock on the drive. This option can take a long time to complete and should only be used when necessary. /x[:PathName] PathNameWithoutExtension

Identifies the certificates and private keys used by EFS for the currently logged on user and backs them up to a file. If PathName is provided, the certificate used to encrypt the files is backed up. Otherwise, the user's current EFS certificate and keys will be backed up. The certificates and private keys are written to a file name PathNameWithoutExtension plus the file extension .pfx.


It is recommended that you always encrypt both the file and the folder in which it resides, this prevents an encrypted file from becoming decrypted when it is modified.

Cipher cannot encrypt files that are marked as read-only.

Cipher will accept multiple folder names and wildcard characters. You must separate multiple parameters with at least one space.


List encrypted files in the reports folder are:

CIPHER c:\reports\*

Encrypt the Reports folder and all subfolders:

CIPHER /e /s:C:\reports

To back up the certificate and private key currently used to encrypt and decrypt EFS files to a file named c:\myefsbackup.pfx, type:

CIPHER /x c:\myefsbackup

"He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself" - Thomas Paine