Displays or alters the encryption of directories [files] on NTFS partitions.
CIPHER [/E | /D] [/S:directory] [/A] [/I] [/F] [/Q] [/H] [pathname […]]
CIPHER /K
CIPHER /R:filename
CIPHER /U [/N]
CIPHER /W:directory
CIPHER /X[:efsfile] [filename]
/A Operates on files as well as directories. The encrypted file<br /> could become decrypted when it is modified if the parent<br /> directory is not encrypted. It is recommended that you encrypt<br /> the file and the parent directory.<br /> /D Decrypts the specified directories. Directories will be marked<br /> so that files added afterward will not be encrypted.<br /> /E Encrypts the specified directories. Directories will be marked<br /> so that files added afterward will be encrypted.<br /> /F Forces the encryption operation on all specified objects, even<br /> those which are already encrypted. Already-encrypted objects<br /> are skipped by default.<br /> /H Displays files with the hidden or system attributes. These<br /> files are omitted by default.<br /> /I Continues performing the specified operation even after errors<br /> have occurred. By default, CIPHER stops when an error is<br /> encountered.<br /> /K Creates new file encryption key for the user running CIPHER. If<br /> this option is chosen, all the other options will be ignored.<br /> /N This option only works with /U. This will prevent keys being<br /> updated. This is used to find all the encrypted files on the<br /> local drives.<br /> /Q Reports only the most essential information.<br /> /R Generates an EFS recovery agent key and certificate, then writes<br /> them to a .PFX file (containing certificate and private key) and<br /> a .CER file (containing only the certificate). An administrator<br /> may add the contents of the .CER to the EFS recovery policy to<br /> create the recovery agent for users, and import the .PFX to<br /> recover individual files.<br /> /S Performs the specified operation on directories in the given<br /> directory and all subdirectories.<br /> /U Tries to touch all the encrypted files on local drives. This will<br /> update user's file encryption key or recovery agent's key to the<br /> current ones if they are changed. This option does not work with<br /> other options except /N.<br /> /W Removes data from available unused disk space on the entire<br /> volume. If this option is chosen, all other options are ignored.<br /> The directory specified can be anywhere in a local volume. If it<br /> is a mount point or points to a directory in another volume, the<br /> data on that volume will be removed.<br /> /X Backup EFS certificate and keys into file filename. If efsfile is<br /> provided, the current user's certificate(s) used to encrypt the<br /> file will be backed up. Otherwise, the user's current EFS<br /> certificate and keys will be backed up.
directory A directory path.<br /> filename A filename without extensions.<br /> pathname Specifies a pattern, file or directory.<br /> efsfile An encrypted file path.
Used without parameters, CIPHER displays the encryption state of<br /> the current directory and any files it contains. You may use multiple<br /> directory names and wildcards. You must put spaces between multiple<br /> parameters.
Example
C:\>cipher /W:c:\ To remove as much data as possible, please close all other applications while running CIPHER /W. Writing 0x00 ................................................................................ .............................................................. Writing 0xFF ................................................................................ ................... Writing Random Numbers ................................................................................ ...................
– FredPettis - 01 May 2009