Evaluating Windows XP Professional's Encrypting File System
Using the NTFS file system as its foundation, the Encrypting File System (EFS) is a key-based authentication protocol that uses public keys for enabling matches to unlock files. Microsoft has made EFS active by default, and doesn't require a system administrator to get involved with creating the matching keys and certificate. What's also interesting about EFS is that you can encrypt from a file directory down in the hierarchy, which is convenient if you organize confidential data in a specific series of locations on your systems' disk.
How EFS and NTFS Work Together
Think of EFS as the essence of the key and certificate security structure on top of the NTFS file system. In fact, EFS is the core technology for encrypting and decrypting files stored on NTFS volumes. Only the user who encrypts a protected file can open the file and work with it. This is especially useful for mobile computer users because even if someone else gains access to a lost or stolen laptop, he or she will not able to access any of the files on the disk. Microsoft claims that EFS will work with Offline Files and Folders, yet in tests with RC1 and RC2 on an IBM ThinkPad T21, the authentication worked only on files generated from Microsoft applications.
I also found that encrypting with EFS on the NTFS file system under Windows XP Professional also held the encryption when I flex-booted back to Windows NT 4.0. I have to add the disclaimer here that both the partitions in Windows XP Professional and Windows NT 4.0 are both formatted in the NTFS file system. So it's safe to assume authentication holds between operating systems as long as they share the same file system in the primary partition. It remains to be seen if the authentication will also hold true in previous operating systems that have different file systems as their primary partition.