Win32::Security::EFS - Perl interface to functions that assist in working with EFS (Encrypted File System) under Windows plattforms.


        use Win32::Security::EFS;

        if(Win32::Security::EFS->supported()) {


The Encrypted File System, or EFS, was introduced in version 5 of NTFS to provide an additional level of security for files and directories. It provides cryptographic protection of individual files on NTFS volumes using a public-key system. Typically, the access control to file and directory objects provided by the Windows security model is sufficient to protect unauthorized access to sensitive information. However, if a laptop containing sensitive data is lost or stolen, the security protection of that data may be compromised. Encrypting the files increases security in this scenario.



Returns true iff the underlaying filesystem supports EFS


The encrypt function encrypts a file or directory. All data streams in a file are encrypted. All new files created in an encrypted directory are encrypted.


The decrypt function decrypts an encrypted file or directory.


The encryption_status function retrieves the encryption status of the specified file.

If the function succeeds, it will return one of the following values see the "CONSTANTS" section.


The encryption_disable function disables encryption of the specified directory and the files in it. It does not affect encryption of subdirectories below the indicated directory.


The encryption_enable function enables encryption of the specified directory and the files in it. It does not affect encryption of subdirectories below the indicated directory.


You have the possibility to access the plain API directly. Therefore the following functions can be exported:

    use Win32::Security::EFS ':api';
    BOOL EncryptFile(
        LPCTSTR lpFileName  // file name
DecryptFile($filename, $reserved)
    BOOL DecryptFile(
        LPCTSTR lpFileName,  // file name
        DWORD dwReserved     // reserved; must be zero
FileEncryptionStatus($filename, \$status)
    BOOL FileEncryptionStatus(
        LPCTSTR lpFileName,  // file name
        LPDWORD lpStatus     // encryption status
EncryptionDisable($filename, $disable)
    BOOL EncryptionDisable(
        LPCWSTR lpDirPath,
        BOOL fDisable
QueryUsersOnEncryptedFile( ... )

Not yet implemented.


You can import all constants by importing Win32::Security::EFS like

        use Win32::Security::EFS ':consts';
  • encryption_status constants

    • FILE_DIR_DISALLOWED: Reserved for future use.

    • FILE_ENCRYPTABLE: The file can be encrypted.

    • FILE_IS_ENCRYPTED: The file is encrypted.

    • FILE_READ_ONLY: The file is a read-only file.

    • FILE_ROOT_DIR: The file is a root directory. Root directories cannot be encrypted.

    • FILE_SYSTEM_ATTR: The file is a system file. System files cannot be encrypted.

    • FILE_SYSTEM_DIR: The file is a system directory. System directories cannot be encrypted.

    • FILE_SYSTEM_NOT_SUPPORT: The file system does not support file encryption.

    • FILE_UNKNOWN: The encryption status is unknown. The file may be encrypted.

    • FILE_USER_DISALLOWED: Reserved for future use.


Sascha Kiefer,


Copyright (C) 2006 Sascha Kiefer

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.