Microsoft DOS cipher command

Quick links

About cipher

About cipher

Displays or alters the encryption of directories [files] on NTFS partitions.


The cipher.exe command is an external command that is available in the below Microsoft operating systems.

Windows 2000
Windows XP
Windows Vista
Windows 7


Displays or alters the encryption of directories [files] on NTFS partitions.

CIPHER [/E | /D] [/S:dir] [/A] [/I] [/F] [/Q] [/H] [/K] [pathname [...]]

CIPHER /W:directory

CIPHER /X[:efsfile] [filename]

/EEncrypts the specified directories. Directories will be marked so that files added afterward will be encrypted.
/DDecrypts the specified directories. Directories will be marked so that files added afterward will not be encrypted.
/SPerforms the specified operation on directories in the given directory and all subdirectories.
/AOperation for files as well as directories. The encrypted file could become decrypted when it is modified if the parent directory is not encrypted. It is recommended that you encrypt the file and the parent directory.
/IContinues performing the specified operation even after errors
have occurred. By default, CIPHER stops when an error is
/FForces the encryption operation on all specified objects, even those that are already encrypted. Already-encrypted objects are skipped by default.
/QReports only the most essential information.
/HDisplays files with the hidden or system attributes. These files are omitted by default.
/KCreate new file encryption key for the user running CIPHER. If this option is chosen, all the other options will be ignored.
/WRemoves data from available unused disk space on the entire
volume. If this option is chosen, all other options are ignored.
The directory specified can be anywhere in a local volume. If it
is a mount point or points to a directory in another volume, the
data on that volume will be removed.
/XBackup EFS certificate and keys into file filename. If efsfile is provided, the current user's certificate(s) used to encrypt the file will be backed up. Otherwise, the user's current EFS certificate and keys will be backed up.
dirA directory path.
pathnameSpecifies a pattern, file or directory.
efsfileAn encrypted file path.

Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put spaces between multiple parameters.


Display the status of each of the files in the current directory.


For example, running the above command may display something similar to the example below.


Listing C:\DOCUME~1\ADMINI~1\Desktop\
New files added to this directory will not be encrypted.

U 308374_harddisk_3.jpg
U cipher.txt
U FileZilla.lnk
U hope.txt
U inc
U l-gloss.pdf
U logos.gif
U Main_Page.htm
U Main_Page_files
U move

Next, if we wanted to enable encryption on a directory, type a command similar to the below command. In the example below this is encrypting the hope directory and will encrypt any files added into that directory after the encryption has been enabled.

cipher /e hope

Encrypting directories in C:\DOCUME~1\ADMINI~1\Desktop\

test [OK]

1 directory within 1 directory were encrypted.

Additional information

  • See our cipher and encryption definitions for further information and related links on these terms.