Allowing access to copy an encrypted file

Hi all,

I have efs encryption enabled on my windows account. I would like to sync  copy of my data to Onedrive, but copy the files/drive in encrypted form, not decrypted form, so it's  never on Onedrive and never leaves the pc in decrypted form. The idea I have had is to install Goodsync synching software on another windows account on the same machine, and not install my efs certificate in that user account, so the software can only see an encrypted version of the files.

However, I notice when logging in to this second windows account myself and doing a little testing I can see the files but can't copy-paste any of them. When trying to copy one of them to, say the desktop, I get an error message saying I don't have permission to access the file.

How can I set up efs/file rights so that Goodsync has access to the files so it can sync them (perhaps running from a different account on the same machine as suggested), but not see them in decrypted form?

Edited by califauna, 24 January 2024 - 12:06 AM.

Windows 10 Pro.

I am an admin on my usual account. I can set up the the other account as admin or user.

Bump (unsolved).

I can't see why in theory this shouldn't be possible. There's nothing physically preventing software copying the encrypted contents of a section of a disk, and thus a file (even if the software sees the thing it is copying as gibberish), allowing that file to later be decrypted by software running in an account which does have the EFS key installed.

If this is not possible on Windows for some reason, can anyone offer an explanation (some kind of EFS policy? what this policy is, if it can be removed, why it can't be removed, etc)?

Edited by califauna, 08 March 2024 - 07:11 AM.

I always thought that some encryption programs, also blocked the copying of a file, as added security.

Edited by wee-eddie, 08 March 2024 - 04:24 AM.

Anyone able to answer this question?

There is some speculation above about encryption programs blocking copying of files. Windows EFS isn't exactly a 'program' as such though.

There's also a claim that I can't achieve copying an encrypted file from a different user account, but no explanation is given for why this should be the case. Also, in my experience copying encrypted files isn't usually blocked like this. Anyone able to confirm/correct this in such use cases, and maybe provide an explanation?

I provided you one if any user could decrypt a file providing the secret key than that eoukd defeat the purpose of encryption.

Bleepin Madman you don't seem to understand what is being asked here. And this isn't an explanation of why an encrypted file can't be copied. Encrypted files are just sections of data on a drive. Copying that data doesn't technically require decrypting it first (encrypted data can be read by a computer in it's encrypted form, it just remains gibberish until it's decrypted!). This is why an encrypted drive can be copied via cloning/imagining - it just copies the raw data. However, Windows does prevent this copying process for individual files , on some Windows OS's at least, hence the question. Not sure what you mean here by 'secret key' but if you are referring to a file containing the encryption hash, the question doesn't assume that the file is decrypted - rather the opposite, that it's encrypted.

Edited by califauna, 10 March 2025 - 06:51 PM.

Bump!  I haven't found a workaround for this and would appreciate any help understanding why it is that Windows 10 running EFS not only encrypts files (as desired) but sometimes also blocks read access to encrypted files (in raw, encrypted form) for users who don't have that EFS key installed.

Thanks!

Edited by califauna, 10 March 2025 - 06:50 PM.

Anyone with the secret key decrypt the files and data.

Bleepin Madman, this is obvious and doesn't answer the question in any way. No offense but you don't seem to understand the question being asked here. Thanks for your answers thus far but perhaps it would be better if you left the question for others to respond to at this point.

That's the point of encryption.

You can't decipher it, copy it or whatever.

If you were able to, it would be pointless

Thanks wee-eddie but you don't seem to understand this topic either. The purpose of encryption isn't to prevent the copying of encrypted data, it's to prevent the reading of the data in intelligible form.  Perhaps it would be better to leave the thread for others to respond to.