命令行大全

cipher

舞夕之 发表于 2020-06-29 14:58浏览次数:

Cipher命令显示或更改NTFS分区上的目录[files]的加密。

查看英文版

目录:

1 cipher 运行系统环境

2 cipher 语法

3 cipher 示例

cipher 运行系统环境

Windows xp

Windows vista

Windows 2000

Windows 7

Windows 8

Windows 10

cipher 语法

Windows Vista和更高版本的语法

CIPHER [/E | /D | /C] [/S:directory] [/B] [/H] [pathname [...]]
CIPHER /K [/ECC:256|384|521]
CIPHER /R:file name [/SMARTCARD] [/ECC:256|384|521]
CIPHER /U [/N]
CIPHER /W:directory
CIPHER /X[:efsfile] [file name]
CIPHER /Y
CIPHER /ADDUSER [/CERTHASH:hash | /CERTFILE:file name | /USER:username] [/S:directory] [/B] [/H] [pathname [...]]
CIPHER /FLUSHCACHE [/SERVER:servername]
CIPHER /REMOVEUSER /CERTHASH:hash [/S:directory] [/B] [/H] [pathname [...]]
CIPHER /REKEY [pathname [...]]
/B 如果遇到错误,则中止。默认情况下,即使遇到错误,CIPHER也会继续执行。
/C 显示有关加密文件的信息。
/D 解密指定的目录。目录将被标记,以便以后添加的文件不被加密。
/E / E加密指定的文件或目录。目录将被标记,以便以后添加的文件被加密。如果父目录未加密,则修改后的加密文件可能会被解密。建议您对文件和父目录进行加密。
/H 显示具有隐藏或系统属性的文件。这些文件默认情况下被忽略。
/K 为运行CIPHER的用户创建新的文件加密密钥。如果选择此选项,则忽略所有其他选项。
注意:默认情况下,/ K创建符合当前组策略的证书和密钥。如果指定了ECC,将使用提供的密钥大小创建自签名证书。
/N 此选项仅与/ U一起使用,并防止更新密钥。使用此选项可在本地驱动器上找到所有加密文件。
/R / R生成EFS恢复密钥和证书,然后将它们写入.PFX文件(包含证书和私钥)和.CER文件(仅包含证书)。管理员可以将.CER的内容添加到EFS恢复策略中,以为用户创建恢复密钥,然后导入.PFX以恢复单个文件。如果指定了SMARTCARD,则将恢复密钥和证书写入智能卡。生成一个.CER文件(仅包含证书)。没有生成.PFX文件。
注意:默认情况下,/ R创建一个2048位RSA恢复密钥和证书。如果指定了ECC,则必须紧随其后的是256、384或521的密钥大小。
/S 在给定目录和所有子目录中的目录上执行指定的操作。
/U 尝试触摸本地驱动器上的所有加密文件。/ U开关将用户的文件加密密钥或恢复密钥更新为当前的密钥。该选项不适用于/ N以外的其他选项。
/W 从整个卷上的可用未使用磁盘空间中删除数据。如果选择此选项,则将忽略所有其他选项。指定的目录可以在本地卷中的任何位置。如果它是安装点或指向另一个卷中的目录,则该卷上的数据将被删除。
/X 备份EFS证书并键入文件名。如果提供了efsfile,则将备份用于加密文件的当前用户证书。否则,将备份用户当前的EFS证书和密钥。
/Y 在本地PC上显示当前的EFS证书指纹。
/ADDUSER 将用户添加到指定的加密文件。如果提供了CERTHASH,则密码将使用此SHA1哈希搜索证书。如果提供了CERTFILE,cipher将从文件中提取证书。如果提供了USER,密码将尝试在Active Directory域服务中找到用户的证书。
/ FLUSHCACHE 清除指定服务器上主叫用户的EFS密钥缓存。如果未提供服务器名,密码将清除本地计算机上的用户密钥缓存。
/REKEY 更新指定的加密文件以使用配置的EFS当前密钥。
/REMOVEUSER 从指定的文件中删除用户。CERTHASH必须是要删除的证书的SHA1哈希。
directory 目录路径。
file name 没有扩展名的文件名。
pathname 指定模式,文件或目录。
efsfile 加密的文件路径。

不带参数使用时,CIPHER显示当前目录及其包含的任何文件的加密状态。您可以使用多个目录名称和通配符。您必须在多个参数之间放置空格。

Windows XP和更早的语法

显示或更改NTFS分区上目录[files]的加密。

CIPHER [/E | /D] [/S:dir] [/A] [/I] [/F] [/Q] [/H] [/K] [pathname [...]]
CIPHER /W:directory
CIPHER /X[:efsfile] [file name]
/E 加密指定的目录。目录将被标记,以便以后添加的文件被加密。
/D 解密指定的目录。目录将被标记,以便以后添加的文件不被加密。
/S 在给定目录和所有子目录中的目录上执行指定的操作。
/A 文件和目录的操作。如果父目录未加密,则修改后的加密文件可能会被解密。建议您对文件和父目录进行加密。
/I 即使发生错误,
也继续执行指定的操作。默认情况下,CIPHER在
遇到错误时停止。
/F 对所有指定的对象(即使是已加密的对象)强制执行加密操作。默认情况下会跳过已加密的对象。
/Q 仅报告最基本的信息。
/H 显示具有隐藏或系统属性的文件。这些文件默认情况下被忽略。
/K 为运行CIPHER的用户创建新的文件加密密钥。如果选择此选项,则忽略所有其他选项。
/W 从整个
卷上的可用未使用磁盘空间中删除数据。如果选择此选项,则将忽略所有其他选项。
指定的目录可以在本地卷中的任何位置。如果它
是安装点或指向另一个卷中的目录,则该卷上的
数据将被删除。
/X 备份EFS证书和密钥到文件名中。如果提供了efsfile,则将备份用于加密文件的当前用户证书。否则,将备份用户当前的EFS证书和密钥。
dir 目录路径。
pathname 指定模式,文件或目录。
efsfile 加密的文件路径。

不带参数使用时,CIPHER显示当前目录及其包含的任何文件的加密状态。您可以使用多个目录名称和通配符。您必须在多个参数之间放置空格。

Windows Vista and later syntax
CIPHER [/E | /D | /C] [/S:directory] [/B] [/H] [pathname [...]]
CIPHER /K [/ECC:256|384|521]
CIPHER /R:file name [/SMARTCARD] [/ECC:256|384|521]
CIPHER /U [/N]
CIPHER /W:directory
CIPHER /X[:efsfile] [file name]
CIPHER /Y
CIPHER /ADDUSER [/CERTHASH:hash | /CERTFILE:file name | /USER:username] [/S:directory] [/B] [/H] [pathname [...]]
CIPHER /FLUSHCACHE [/SERVER:servername]
CIPHER /REMOVEUSER /CERTHASH:hash [/S:directory] [/B] [/H] [pathname [...]]
CIPHER /REKEY [pathname [...]]
/B Abort if an error is encountered. By default, CIPHER continues executing even if errors are encountered.
/C Displays information on the encrypted file.
/D Decrypts the specified directories. Directories will be marked so that files added afterward are not encrypted.
/E /E encrypts the specified files or directories. Directories will be marked so that files added afterward will be encrypted. The encrypted file could become decrypted when it is modified if the parent directory is not encrypted. It is recommended you encrypt the file and the parent directory.
/H Displays files with the hidden or system attributes. These files are omitted by default.
/K Create new file encryption key for the user running CIPHER. If this option is chosen, all the other options are ignored.
Note: By default, /K creates a certificate and key that conform to current group policy. If ECC is specified, a self-signed certificate will be created with the supplied key size.
/N This option only works with /U and prevents keys being updated. Using this option finds all the encrypted files on the local drives.
/R /R generates an EFS recovery key and certificate, then writes them to a .PFX file (containing certificate and private key) and a .CER file (containing only the certificate). An administrator may add the contents of the .CER to the EFS recovery policy to create the recovery key for users, and import the .PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and certificate to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is generated.
Note: By default, /R creates a 2048-bit RSA recovery key and certificate. If ECC is specified, it must be followed by a key size of 256, 384, or 521.
/S Performs the specified operation on directories in the given directory and all subdirectories.
/U Tries to touch all the encrypted files on local drives. The /U switch update user's file encryption key or recovery keys to the current ones if they are changed. This option does not work with other options except /N.
/W Removes data from available unused disk space on the entire volume. If this option is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If it is a mount point or points to a directory in another volume, the data on that volume will be removed.
/X Backup EFS certificate and keys into the file name. If efsfile is provided, the current user's certificate(s) used to encrypt the file will be backed up. Otherwise, the user's current EFS certificate and keys will be backed up.
/Y Displays your current EFS certificate thumbprint on the local PC.
/ADDUSER Adds a user to the specified encrypted file(s). If CERTHASH is provided, cipher searches for a certificate with this SHA1 hash. If CERTFILE is provided, cipher will extract the certificate from the file. If USER is provided, cipher will try to locate the user's certificate in Active Directory Domain Services.
/FLUSHCACHE Clears the calling user's EFS key cache on the specified server. If a servername is not provided, cipher clears the user's key cache on the local machine.
/REKEY Updates the specified encrypted file(s) to use the configured EFS current key.
/REMOVEUSER Removes a user from the specified file(s). CERTHASH must be the SHA1 hash of the certificate to remove.
directory A directory path.
file name A file name without extensions.
pathname Specifies a pattern, file or directory.
efsfile An encrypted file path.

Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put spaces between multiple parameters.

Windows XP and earlier syntax

Displays or alters the encryption of directories [files] on NTFS partitions.

CIPHER [/E | /D] [/S:dir] [/A] [/I] [/F] [/Q] [/H] [/K] [pathname [...]]
CIPHER /W:directory
CIPHER /X[:efsfile] [file name]
/E Encrypts the specified directories. Directories will be marked so that files added afterward will be encrypted.
/D Decrypts the specified directories. Directories will be marked so that files added afterward are not encrypted.
/S Performs the specified operation on directories in the given directory and all subdirectories.
/A Operation for files as well as directories. The encrypted file could become decrypted when it is modified if the parent directory is not encrypted. It is recommended you encrypt the file and the parent directory.
/I Continues performing the specified operation even after errors
have occurred. By default, CIPHER stops when an error is
encountered.
/F Forces the encryption operation on all specified objects, even those that are already encrypted. Already-encrypted objects are skipped by default.
/Q Reports only the most essential information.
/H Displays files with the hidden or system attributes. These files are omitted by default.
/K Create new file encryption key for the user running CIPHER. If this option is chosen, all the other options are ignored.
/W Removes data from available unused disk space on the entire
volume. If this option is chosen, all other options are ignored.
The directory specified can be anywhere in a local volume. If it
is a mount point or points to a directory in another volume, the
data on that volume will be removed.
/X Backup EFS certificate and keys into file name. If efsfile is provided, the current user's certificate(s) used to encrypt the file will be backed up. Otherwise, the user's current EFS certificate and keys will be backed up.
dir A directory path.
pathname Specifies a pattern, file or directory.
efsfile An encrypted file path.

Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put spaces between multiple parameters.

查看英文版

查看中文版

cipher 示例

显示当前目录中每个文件的状态。

cipher

例如,运行上面的命令可能会显示类似以下示例的内容。

C:\DOCUME~1\ADMINI~1\Desktop>cipher

Listing C:\DOCUME~1\ADMINI~1\Desktop\

New files added to this directory are not encrypted.

U 308374_harddisk_3.jpg
U cipher.txt
U FileZilla.lnk
U hope.txt
U inc
U l-gloss.pdf
U logos.gif
U Main_Page.htm
U Main_Page_files
U move

接下来,如果我们要在目录上启用加密,请键入类似于以下命令的命令。在下面的示例中,HOPE目录将被加密,一旦启用,任何添加到该目录中的文件也将被加密。

cipher /e hope

加密中的目录 C:\DOCUME~1\ADMINI~1\Desktop\

test [OK]

1个目录中的1个目录已加密。

Display the status of each of the files in the current directory.

cipher

For example, running the command above may display something similar to the example below.

C:\DOCUME~1\ADMINI~1\Desktop>cipher

Listing C:\DOCUME~1\ADMINI~1\Desktop\

New files added to this directory are not encrypted.

U 308374_harddisk_3.jpg
U cipher.txt
U FileZilla.lnk
U hope.txt
U inc
U l-gloss.pdf
U logos.gif
U Main_Page.htm
U Main_Page_files
U move

Next, if we wanted to enable encryption on a directory, type a command similar to the following command. In the following example, the hope directory is being encrypted and any file added into that directory once enabled is also encrypted.

cipher /e hope

Encrypting directories in C:\DOCUME~1\ADMINI~1\Desktop\

test [OK]

1 directory within 1 directory were encrypted.

查看英文版

查看中文版