Windows 10 Encryption Further Questions

Forums › Microsoft Windows › Windows 10 Encryption Further Questions

ronw

1222 posts

Uber Geek

#218009 22-Jul-2017 12:31

I am still looking into Encryption of WIndows 10 devices.

Have a new question. If I fully encrypt my laptop it will also encrypt my Google Drive and Dropbox Folders. This presumably would then effectively try to transfer the encrypted files up to the respective clouds. While that would be OK it would mean I could only access those files via a windows device that also was encrypted. I could not access then via an Android Table presumably.

Is there an easy answer or would I have to somehow exclude those folders from Encryption. Which would seem to preclude me form doing full windows disk encryption

Nokia 7 Plus
Nexus 6P 32Gb
Nexus 6 Phone
Nexus 5 Phone
Nexus 7 2013 Tablet
Samsung TAB A 8"
Samsung TAB A 10"

& many Windows laptops, Desktops etc

richms

28172 posts

Uber Geek

Trusted

Lifetime subscriber

#1826987 22-Jul-2017 12:36

That is not how it works. The encryption is only for what is on disk, its decrypted when read so the google drive sync software will never even see the encrypted version.

Richard rich.ms

Andib

1363 posts

Uber Geek

ID Verified

Trusted

#1826988 22-Jul-2017 12:40

No, Windows encryption will not affect your cloud content.

When you launch Windows your data is unlocked / "decrypted" so that Windows & other apps can access it.

The benefit of using bitlocker is even if someone has physical access to your computer if they don't have your decyrption key your data in in-accessible. Whereas if you don't encrypt your data, You can plug the HDD into another computer and view all its content.

<#
.DISCLAIMER
Anything I post is my own and not the views of my past/present/future employer.
#>

ronw

1222 posts

Uber Geek

#1826990 22-Jul-2017 12:45

I am still puzzled are you saying that if I encrypt and the windows is left running but screen locked, the data on disk is still in an unencrypted state? Google and Dropbox both transfer data up to cloud while the computer is logged in but locked with Windows password. So is data encrypted if I lock the screen or not?

Nokia 7 Plus
Nexus 6P 32Gb
Nexus 6 Phone
Nexus 5 Phone
Nexus 7 2013 Tablet
Samsung TAB A 8"
Samsung TAB A 10"

& many Windows laptops, Desktops etc

Andib

1363 posts

Uber Geek

ID Verified

Trusted

#1827033 22-Jul-2017 12:54

ronw:

I am still puzzled are you saying that if I encrypt and the windows is left running but screen locked, the data on disk is still in an unencrypted state? Google and Dropbox both transfer data up to cloud while the computer is logged in but locked with Windows password. So is data encrypted if I lock the screen or not?

Correct, OS Disk encryption will not encrypt the data transferred from your computer to the cloud.

<#
.DISCLAIMER
Anything I post is my own and not the views of my past/present/future employer.
#>

tripp

3848 posts

Uber Geek

Trusted

Lifetime subscriber

#1827035 22-Jul-2017 12:57

For my cloud stuff i use cryptomator and put the vault on my google drive or one drive.

lxsw20

3552 posts

Uber Geek

Subscriber

#1827037 22-Jul-2017 13:00

The disk is always encrypted, but you have the key to unlock the encryption (The TPM most likely). Have a read of the wiki article on Bitlocker. https://en.wikipedia.org/wiki/BitLocker

richms

28172 posts

Uber Geek

Trusted

Lifetime subscriber

#1827041 22-Jul-2017 13:14

If the computer is booted then the keys are in memory to decrypt. If its not booted there is (in theory) no key so nothing but the unencrypted bootloader will be readable, the bootloader gets the key from either TPM if you're lucky enough to have that, or the attached USB drive if not, and then will load the OS from the encrpyted part. Once booted then all the bitlocker stuff is accesable as if the drive was just a normal drive.

The second encryption one is the file specific stuff. That is done by the OS using your windows login details. No other logins will be able to access them, and any services will not be able to. This may break some cloud sync stuff that works as a service not an application but I have seldom used the specific file encryption stuff in windows and certainly not with a cloud storage stuff. Its tied to your windows login so its not easily moved between computers like bitlocker is.

Richard rich.ms

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.

ronw

1222 posts

Uber Geek

#1827065 22-Jul-2017 14:13

Thanks for replies. I should say that I will not use Bitlocker and are instead looking at VeraCrypt Does that alter any of the answers

Nokia 7 Plus
Nexus 6P 32Gb
Nexus 6 Phone
Nexus 5 Phone
Nexus 7 2013 Tablet
Samsung TAB A 8"
Samsung TAB A 10"

& many Windows laptops, Desktops etc

timmmay

20578 posts

Uber Geek

Trusted

Lifetime subscriber

#1827112 22-Jul-2017 15:09

Veracrypt creates a virtual drive using a single file stored on a disk. If you back up data from the drive Veracrypt creates it will decrypt it before it's used. If you back up the file that Veracrypt uses to store the file system you'll store one encrypted file to the cloud.