Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How Do I Encrypt a Folder?

Sometimes encrypting a single file isn’t enough. Sometimes you want to encrypt all the files in a folder, and often the sub-folders as well.

As you might imagine, there are several different solutions, depending on your particular needs.

I’ll review some of the alternatives, as well as their pros and cons.

Become a Patron of Ask Leo! and go ad-free!

Using Windows to encrypt files and folders

If you’re running Windows Professional Edition or better1, and your disk is formatted using NTFS (most Windows hard disks are these days), then Windows can encrypt your files and/or folders for you using EFS, or the Encrypting File System.

The technique is very simple. Right-click on the file or folder you want to encrypt – my example here is a folder called “Sensitive Documents” – and click on Properties.

Properties item on a folder

In the resulting dialog, on the General tab, click on Advanced.

Properties dialog - Advanced Button

In the resulting “Advanced Attributes” dialog, make sure that “Encrypt contents to secure data” is checked.

Properties Advanced Attributes

Click OK. You may be asked whether you want the single item encrypted, or more. In the case of folders, the second option is to encrypt the folder and everything within it. In the case of encrypting a file, the second option is to also encrypt the folder containing the file. The choice is yours, depending on what you’re attempting to do. (In general, I find encrypting a folder and everything within it the most straightforward choice.)

The good news:  It’s simple, easy, and almost completely transparent to encrypt a folder. Your folder, and all the files it contains, are encrypted. As long as you’re not logged in, anyone who steals or otherwise gains access to your computer, or even just your hard drive, cannot gain access.

The bad news: Anyone (including malware) who has access to your computer while you’re logged in can access your files, bypassing the encryption. In fact, anyone who can log in by virtue of knowing or cracking your log-in password can, as well; your log-in password is, perhaps, the weakest link. The files are encrypted on your hard drive, and there’s no way to share the encrypted files with others.

VeraCrypt

VeraCrypt is a successor to the once very popular TrueCrypt. It has a couple of different approaches to high-quality encryption, one of which we can use to encrypt a folder – or at least something very similar.

You can use VeraCrypt to create an encrypted container secured with a passphrase. This is a single encrypted file kept on your computer’s hard drive. You then “mount” that file using VeraCrypt, supplying the passphrase to decrypt it. Once mounted, the unencrypted contents of that file appear as a separate drive – often called a virtual drive – on your system. Reading data from and writing data to that virtual drive transparently decrypts and encrypts the data stored in the container file. Once the drive is unmounted, the data is once again inaccessible without re-mounting the container and knowing the passphrase.

A Secure VaultThe specific details are beyond the scope of this article, but as an example, you might create a container C:\Users\loginname\Documents\MySensitiveDocuments, and give it a nice, secure passphrase. When you mount MySensitiveDocments using VeraCrypt and that passphrase, you can then assign it a drive letter – I’ll use “S:” for this example. Now any program can read and write files and folders to drive “S:”; when doing so, the data is stored inside of the file MySensitiveDocuments in encrypted form. Once you unmount the container, drive S: disappears, and the data is no longer visible in unencrypted form.

Using VeraCrypt to manage an encrypted container in this way is very similar to having an encrypted folder.

The good news: VeraCrypt provides high-quality encryption, and is available on multiple platforms. Containers created by VeraCrypt are not tied to your login, but are secured by a passphrase. The containers can be copied from machine to machine and opened anywhere. Once mounted, encryption and decryption is transparent to any program reading and writing data on the virtual drive.

The bad news: Containers are monolithic, meaning that regardless of how many files they contain, they are still a single container file. The container size is specified when you create it, and cannot be resized. The only way to move encrypted data from one place to another is to copy the entire container.

BoxCryptor

BoxCryptor uses a model similar to VeraCrypt, but is designed to work optimally with online or “cloud” services. Rather than storing everything in a single container, BoxCryptor maintains individually encrypted files.

When you install and configure BoxCryptor, you point it at an empty folder on your machine which will contain your encrypted data, and specify a passphrase to use for encryption.

You then mount that folder using BoxCryptor and your chosen passphrase. Much like VeraCrypt, a virtual drive appears. Files and folders transparently written to and read from that virtual drive are encrypted and stored within the folder you originally specified. Once you unmount the folder, only the encrypted copies remain accessible.

The major difference between BoxCryptor and VeraCrypt is that BoxCryptor maintains the encrypted files and folders as individual files and folders rather than using a single, monolithic container. The article BoxCryptor – Secure Your Data in the Cloud goes into the differences in more detail.

The good news: BoxCryptor provides high-quality encryption and is available on multiple platforms. It’s highly suited to storing encrypted data on online storage services. Like VeraCrypt, your data is protected by a passphrase, and is not tied to your login. Once mounted, encryption and decryption is transparent to any program reading and writing data on the virtual drive. There are no size issues, other than the disk space you have available.

The bad news: You cannot easily copy individual files encrypted using BoxCryptor to other machines, though of course the entire encrypted folder is designed to be replicated to other machines and cloud storage providers.

It’s difficult to make a recommendation

Normally, I’d make a recommendation as to what technology might be best suited. Unfortunately, this really is a case where different tools solve the generic problem – how to encrypt a folder – in different ways that involve different trade-offs. You may need to evaluate those trade-offs differently.

What I can tell you is what I’ve settled on – and that’s BoxCryptor.

I don’t use operating-system encryption at the file or folder level. (I use whole disk encryption to secure my entire hard drive – more on that coming soon.) I use cloud storage heavily – both my own and that of popular services. BoxCryptor ensures that anything I consider even somewhat sensitive is stored securely encrypted, as it’s automatically replicated not only to online storage, but across my various computers as well.

Podcast audio

Play

More for Patrons of Ask Leo!

Silver-level patrons have access to this related video from The Ask Leo! Video Library.

Encrypting Files and Folders in Windows   Encrypting Files and Folders in Windows

Footnotes & references

1: Essentially this boils down to anything but the Home or Started editions. In File Explorer right-click on My Computer or This PC, and select Properties, then look for “Windows Edition” to see what you have.

5 comments on “How Do I Encrypt a Folder?”

  1. I use AxCrypt, and believe it’s preferable to these mentioned here, because it encrypts either individual files or everything within a folder without peculiar restrictions or quirks. Encrypted files or folders can be copied to other machines and used, with the usual copy commands, without any restrictions.
    http://www.axantum.com/AxCrypt/

    • AxCrypt used to come bundled with extra software – OpenCandy – that most antivirus programs tagged as a PUP/PUA (which is somewhat ironic given that it’s a security app).

      https://www.axantum.com/AxCrypt/Freeware.html

      I have no idea what, if anything, it’s bundled with now – OpenCandy was shut down last year – but it’s certainly not an app I’d recommend.

  2. Hello Leo,
    Your previous article about encryption and now this one has only served to confirm my purchase of Veracrypt. Regarding one or a small number of files to encrypt, the container can be quite small to not waste space.
    I use Veracrypt now in a number of ways, utilising the basic idea of the container, mounting and dismounting is very easy, at first I found it daunting, now do it with my eyes shut.
    I have an encrypted file (container) on Dropbox, within which I have various files, it is very simple to achieve.
    I use it on my laptop in 2 different ways to ensure all critical files are secure.
    Thank you for your advice, it has proven to be very very valuable.
    Regards,
    David Evans

    • “Your previous article about encryption and now this one has only served to confirm my purchase of Veracrypt.” – Purchase? I could be mistaken, but I don’t believe that there is a paid version – it’s free and open source – and so you should not have needed to purchase it.

  3. In regard to VeraCrypt: “The container size is specified when you create it, and cannot be resized.”

    I’m not an expert on VeraCrypt, but don’t believe that is correct. Although VeraCrypt containers can’t be reduced, my understanding is that they can be enlarged.

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.