# Cipher - Command Prompt Encryption

The cipher command can be used to encrypt files in Windows from the Command Prompt.

The following parameters can be used with the cipher command:

<table border="1" id="bkmrk-parameters-descripti" style="border-collapse: collapse; width: 100%; height: 442.985px; border-width: 1px;"><colgroup><col style="width: 50.0618%;"></col><col style="width: 50.0618%;"></col></colgroup><tbody><tr style="height: 64.8281px;"><td class="align-center" style="height: 64.8281px; border-width: 1px;">##### **Parameters**

</td><td class="align-center" style="height: 64.8281px; border-width: 1px;">##### **Description**

</td></tr><tr style="height: 46.5938px;"><td style="height: 46.5938px; border-width: 1px;">/b</td><td style="height: 46.5938px; border-width: 1px;">Aborts if an error is encountered. By default, cipher continues to run even if errors are encountered.</td></tr><tr style="height: 29.7969px;"><td style="height: 29.7969px; border-width: 1px;">/c</td><td style="height: 29.7969px; border-width: 1px;">Displays information on the encrypted file.</td></tr><tr style="height: 29.7969px;"><td style="height: 29.7969px; border-width: 1px;">/d</td><td style="height: 29.7969px; border-width: 1px;">Decrypts the specified files or directories.</td></tr><tr style="height: 63.3906px;"><td style="height: 63.3906px; border-width: 1px;">/e</td><td style="height: 63.3906px; border-width: 1px;">Encrypts the specified files or directories. Directories are marked so that files that are added afterward will be encrypted.</td></tr><tr style="height: 29.7969px;"><td style="height: 29.7969px; border-width: 1px;">/h</td><td style="height: 29.7969px; border-width: 1px;">Displays files with hidden or system attributes. By default, these files are not encrypted or decrypted.</td></tr><tr style="height: 29.7969px;"><td style="height: 29.7969px; border-width: 1px;">/k</td><td style="height: 29.7969px; border-width: 1px;">Creates a new certificate and key for use with Encrypting File System (EFS) files. If the **/k** parameter is specified, all other parameters are ignored.</td></tr><tr style="height: 29.7969px;"><td style="height: 29.7969px; border-width: 1px;">/r:&lt;filename&gt;

\[/smartcard\]

</td><td style="height: 29.7969px; border-width: 1px;">Generates an EFS recovery agent key and certificate, then writes them to a .pfx file (containing certificate and private key) and a .cer file (containing only the certificate). If /smartcard is specified, it writes the recovery key and certificate to a smart card, and no .pfx file is generated.</td></tr><tr style="height: 29.7969px;"><td style="height: 29.7969px; border-width: 1px;">/s:&lt;directory&gt;</td><td style="height: 29.7969px; border-width: 1px;">Performs the specified operation on all subdirectories in the specified directory.</td></tr><tr style="height: 29.7969px;"><td style="height: 29.7969px; border-width: 1px;">/u \[/n\]</td><td style="height: 29.7969px; border-width: 1px;">Finds all encrypted files on the local drive(s). If used with the /n parameter, no updates are made. If used without /n, /u compares the user's file encryption key or the recovery agent's key to the current ones, and updates them if they have changed. This parameter works only with /n.</td></tr><tr style="height: 29.7969px;"><td style="height: 29.7969px; border-width: 1px;">/w:&lt;directory&gt;</td><td style="height: 29.7969px; border-width: 1px;">Removes data from available unused disk space on the entire volume. If you use the /w parameter, all other parameters are ignored. The directory specified can be located anywhere in a local volume. If it is a mount point or points to a directory in another volume, the data on that volume is removed.</td></tr><tr style="height: 29.7969px;"><td style="height: 29.7969px; border-width: 1px;">/x\[:efsfile\]

\[&lt;FileName&gt;\]

</td><td style="height: 29.7969px; border-width: 1px;">Backs up the EFS certificate and keys to the specified file name. If used with :efsfile, /x backs up the user's certificate(s) that were used to encrypt the file. Otherwise, the user's current EFS certificate and keys are backed up.</td></tr><tr><td style="border-width: 1px;">/y</td><td style="border-width: 1px;">Displays your current EFS certificate thumbnail on the local computer.</td></tr><tr><td style="border-width: 1px;">/adduser

\[/certhash:&lt;hash&gt;\]

</td><td style="border-width: 1px;">/certfile:&lt;filename&gt;\]</td></tr><tr><td style="border-width: 1px;">/rekey</td><td style="border-width: 1px;">Updates the specified encrypted file(s) to use the currently configured EFS key.</td></tr><tr><td style="border-width: 1px;">/removeuser

/certhash:&lt;hash&gt;

</td><td style="border-width: 1px;">Removes a user from the specified file(s). The Hash provided for /certhash must be the SHA1 hash of the certificate to remove.</td></tr><tr><td style="border-width: 1px;">/?</td><td style="border-width: 1px;">Displays help at the command prompt.</td></tr></tbody></table>

\*\*[Source](https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/cipher)

#### Example of Encrypting and Decrypting a Folder in Windows 10

Below is an example folder (SecretStuff) that has two files in it. If I want to encrypt the folder and the two files in it I can use the cipher command from an administrator privilege command prompt to see the status of encryptioncls

.

[![image.png](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/scaled-1680-/IGqimage.png)](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/IGqimage.png)

[![image.png](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/scaled-1680-/LL9image.png)](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/LL9image.png)

The 'U' next to the two files indicates that the files are not encrypted.

To encrypt the files use the cipher /e parameter to encrypt everything in the SecretStuff folder and the folder itself.

[![image.png](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/scaled-1680-/9mnimage.png)](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/9mnimage.png)

Now, if we check again using the cipher command without any parameters we see that the files are encrypted. The 'E' denotes that the files are now encrypted. There is also a visual queue in Windows Explorer that shows that the files are encrypted. A padlock icon is added to the icons for both files.

[![image.png](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/scaled-1680-/9xlimage.png)](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/9xlimage.png)

[![image.png](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/scaled-1680-/Tcwimage.png)](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/Tcwimage.png)

[![image.png](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/scaled-1680-/3QTimage.png)](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/3QTimage.png)

Last, if you want to decrypt everything the SecretStuff folder and the folder itself just use the command cipher /d

[![image.png](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/scaled-1680-/fOUimage.png)](https://bookstack.taylorhome.run/uploads/images/gallery/2023-03/fOUimage.png)

And the files and folder are now decrypted again.