Batch File Encryption

Introduction

Batch does *not* have real encryption, but it can:

This tutorial shows real working methods.

1. Base64 Encode & Decode (certutil)

Windows built-in certutil can encode & decode files — useful for obfuscation.

Encode:

certutil -encode input.txt encoded.txt

Decode:

certutil -decode encoded.txt output.txt

2. XOR Encryption (simple but effective)

A simple XOR encryption routine using a key:

@echo off
set "key=45"

set /p "input=File to encrypt: "
set /p "output=Output file: "

> "%output%" (
  for /f "usebackq delims=" %%A in ("%input%") do (
    set "line=%%A"
    call :xorProcess
  )
)

echo Done.
exit /b

:xorProcess
set "result="
for /l %%i in (0,1,9999) do (
  set "char=!line:~%%i,1!"
  if "!char!"=="" goto write
  set /a code=0x!char! ^ key
  set "hex=0%code%"
  set "result=!result!!hex:~-2!"
)
:write
echo !result!
exit /b

(This is minimal; real XOR encryption in Batch is limited but works for obfuscation.)

3. Password-Protected File Access

Not encryption, but restricts access.

@echo off
set /p pass=Password: 
if not "%pass%"=="CTW2025" exit /b

type secret.txt

4. Using Windows EFS Encryption

Windows has a built-in file encryption system (NTFS only). This is REAL encryption, not obfuscation.

Encrypt file:

cipher /e "secret.txt"

Decrypt file:

cipher /d "secret.txt"

Encryption is tied to your user account.

5. Batch Script Self-Encryption (Encode Script)

You can Base64-encode your own Batch code:

certutil -encode script.bat script.b64

Then create a loader that decodes + executes:

certutil -decode script.b64 temp.bat
call temp.bat
del temp.bat

6. Hashing Files

Not encryption, but good for integrity.

certutil -hashfile file.txt SHA256

7. Hide File Contents

attrib +h +s secret.txt
attrib -h -s secret.txt

8. Real Encryption Using External Tools

Batch can wrap real encryption tools:

openssl enc -aes-256-cbc -in file.txt -out file.enc
openssl enc -d -aes-256-cbc -in file.enc -out file.txt

9. Summary