MS-DOS and Windows command line cipher command

Updated:
12/30/2021
by

Calculator Hope

The
cipher
control displays or alters the encryption of directories [files] on NTFS partitions.

Availability

Goose egg is an external control that is available for the following Microsoft operating systems every bit aught.exe.

  • Windows 2000
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 10
  • Windows xi

Zero syntax

  • Windows Vista and later syntax
  • Windows XP and earlier syntax

Windows Vista and afterward syntax

Cipher [/Eastward | /D | /C] [/South:directory] [/B] [/H] [pathname [...]] CIPHER /K [/ECC:256|384|521] Zip /R:file name [/SMARTCARD] [/ECC:256|384|521] CIPHER /U [/Due north] Zero /W:directory CIPHER /X[:efsfile] [file name] CIPHER /Y Cipher /ADDUSER [/CERTHASH:hash | /CERTFILE:file name | /USER:username] [/Due south:directory] [/B] [/H] [pathname [...]] CIPHER /FLUSHCACHE [/SERVER:servername] CIPHER /REMOVEUSER /CERTHASH:hash [/South:directory] [/B] [/H] [pathname [...]] Zilch /REKEY [pathname [...]]
/B Abort if an error is encountered. By default, CIPHER continues executing even if errors are encountered.
/C Displays data on the encrypted file.
/D Decrypts the specified directories. Directories are marked and then that files added after are not encrypted.
/E /E encrypts the specified files or directories. Directories are marked so that files added later on are encrypted. The encrypted file could get decrypted when it is modified if the parent directory is not encrypted. Information technology is recommended you encrypt the file and the parent directory.
/H Displays files with the subconscious or arrangement attributes. These files are omitted by default.
/Thousand Create new file encryption primal for the user running Goose egg. If this option is chosen, all the other options are ignored.

Annotation: By default, /Grand creates a certificate and primal that conform to electric current group policy. If ECC is specified, a self-signed certificate is created with the supplied key size.
/N This selection but works with /U and prevents keys being updated. Using this option finds all the encrypted files on the local drives.
/R /R generates an EFS recovery key and certificate, then writes them to a .PFX file (containing certificate and private key) and a .CER file (containing only the document). An administrator may add the contents of the .CER to the EFS recovery policy to create the recovery key for users, and import the .PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and document to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is generated.

Note: By default, /R creates a 2048-bit RSA recovery cardinal and certificate. If ECC is specified, information technology must be followed by a key size of 256, 384, or 521.
/S Performs the specified operation on directories in the given directory and all subdirectories.
/U Tries to affect all the encrypted files on local drives. The /U switch update user’s file encryption central or recovery keys to the electric current ones if they are changed. This pick does not work with other options except /Northward.
/W Removes data from available unused deejay space on the unabridged book. If this selection is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If information technology’s a mount point or points to a directory in some other volume, the data on that volume is removed.
/10 Backup EFS certificate and keys into the file proper noun. If efsfile is provided, the electric current user’southward certificate(southward) used to encrypt the file are backed up. Otherwise, the user’s current EFS certificate and keys are backed upwards.
/Y Displays your electric current EFS certificate thumbprint on the local PC.
/ADDUSER Adds a user to the specified encrypted file(due south). If
CERTHASH
is provided, cipher searches for a document with this SHA1 hash. If
CERTFILE
is provided, naught extracts the certificate from the file. If
USER
is provided, zilch tries to locate the user’southward certificate in Active Directory Domain Services.
/FLUSHCACHE Clears the calling user’due south EFS key cache on the specified server. If a servername is non provided, naught clears the user’s cardinal cache on the local auto.
/REKEY Updates the specified encrypted file(s) to use the configured EFS current key.
/REMOVEUSER Removes a user from the specified file(southward). CERTHASH must be the SHA1 hash of the certificate to remove.
directory A directory path.
file name A file proper noun without extensions.
pathname Specifies a pattern, file or directory.
efsfile An encrypted file path.
Popular:   Tips on buying computer portable laptops

Used without parameters, Zero displays the encryption country of the electric current directory and whatsoever files it contains. You may use multiple directory names and wildcards. You must put spaces betwixt multiple parameters.

Windows XP and earlier syntax

Displays or alters the encryption of directories [files] on NTFS partitions.

Cipher [/E | /D] [/S:dir] [/A] [/I] [/F] [/Q] [/H] [/1000] [pathname [...]] Zilch /Due west:directory Nil /X[:efsfile] [file proper name]
/E Encrypts the specified directories. Directories are marked so that files added afterward are encrypted.
/D Decrypts the specified directories. Directories are marked and then that files added afterward are not encrypted.
/S Performs the specified operation on directories in the given directory and all subdirectories.
/A Operation for files and directories. The encrypted file could become decrypted when it is modified if the parent directory is non encrypted. It is recommended you encrypt the file and the parent directory.
/I Continues performing the specified operation even after errors
take occurred. Past default, Null stops when an mistake is
encountered.
/F Forces the encryption operation on all specified objects, even those that are already encrypted. Already-encrypted objects are skipped by default.
/Q Reports only the almost essential data.
/H Displays files with the subconscious or arrangement attributes. These files are omitted by default.
/K Create new file encryption key for the user running CIPHER. If this option is chosen, all the other options are ignored.
/West Removes data from available unused disk space on the entire volume. If this choice is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If it’s a mountain point or points to a directory in another volume, the data on that volume is removed.
/X Backup EFS document and keys into file name. If efsfile is provided, the current user’s document(s) used to encrypt the file are backed upwards. Otherwise, the user’s current EFS certificate and keys are backed upwards.
dir A directory path.
pathname Specifies a pattern, file or directory.
efsfile An encrypted file path.
Popular:   MS-DOS and Windows command line bootsect command

Used without parameters, CIPHER displays the encryption state of the electric current directory and whatever files it contains. Yous may utilise multiple directory names and wildcards. You must put spaces between multiple parameters.

Null examples

Brandish the status of each of the files in the electric current directory.

cipher

For example, running the command above may display something similar to the example below.

C:\DOCUME~1\ADMINI~ane\Desktop>cipher

          Listing C:\DOCUME~1\ADMINI~ane\Desktop\

          New files added to this directory are not encrypted.
          
U 308374_harddisk_3.jpg
U naught.txt
U FileZilla.lnk
U hope.txt
U inc
U l-gloss.pdf
U logos.gif
U Main_Page.htm
U Main_Page_files
U move

Next, if we wanted to enable encryption on a directory, blazon a control similar to the post-obit control. In the following example, the hope directory is being encrypted and whatsoever file added into that directory once enabled is also encrypted.

nil /east hope

Encrypting directories in C:\DOCUME~1\ADMINI~i\Desktop\

test [OK]

one directory within 1 directory were encrypted.