Explanation:

Cipher

Displays or alters the encryption of folders and files on NTFS volumes. Used without

parameters, cipher displays the encryption state of the current folder and any files it

contains. Administrators can use Cipher.exe to encrypt and decrypt data on drives that use

the NTFS file system and to view the encryption status of files and folders from a command

prompt. The updated version adds another security option. This new option is the ability to

overwrite data that you have deleted so that it cannot be recovered and accessed.When

you delete files or folders, the data is not initially removed from the hard disk. Instead, the

space on the disk that was occupied by the deleted data is "deallocated." After it is

deallocated, the space is available for use when new data is written to the disk. Until the

space is overwritten, it is possible to recover the deleted data by using a low-level disk

editor or data-recovery software.

If you create files in plain text and then encrypt them, Encrypting File System (EFS) makes

a backup copy of the file so that, if an error occurs during the encryption process, the data

is not lost. After the encryption is complete, the backup copy is deleted. As with other

deleted files, the data is not completely removed until it has been overwritten. The new

version of the Cipher utility is designed to prevent unauthorized recovery of such data.

/K Creates a new certificate and key for use with EFS. If this option is chosen, all the other

options will be ignored. By default, /k creates a certificate and key that conform to current

group plicy. If ECC is specified, a self-signed certificate will be created with the supplied

key size. /R Generates an EFS recovery key and certificate, then writes them to a .PFX file

(containing certificate and private key) and a .CER file (containing only the certificate). An

administrator may add the contents of the .CER to the EFS recovery policy to create the

recovery for users, and import the .P