File Encryption

Windows 2000 supports the Encrypted File System (EFS), which provides cryptographic protection of files on NTFS volumes. EFS provides file encryption on an individual file basis using a public-key system.

Note that EFS encryption and NTFS file compression are mutually exclusive; you cannot compress an encrypted file. Sparse files may be encrypted.

You can determine whether a file system supports file encryption for files and directories by calling the GetVolumeInformation function and examining the FILE_SUPPORTS_ENCRYPTION bit flag. Note that the following items cannot be encrypted:

• system files
• system directories
• root directories

For information on encrypted files, see the following topics:

• Handling Encrypted Files and Directories
• Encrypted Files and User Keys

For more information on cryptography in general, see CryptoAPI.