Stop bypassing EFS encryption and upload Encrypted files as encrypted
When OneDrive uploads a file that has been encrypted with EFS (Encrypted File System), it uploads the unencrypted version of the file. It is obviously inappropriate to upload encrypted files in plaintext ESPECIALLY for a cloud provider.
A simple fix is to respect the EFS encryption of files and use the existing APIs to upload the RAW encrypted data, allowing users to encrypt sensitive files that are still encrypted in transit and at rest on OneDrive servers.
For example, you can use these API calls to get access to the encrypted contents:
The way you open an encrypted file in order to read its raw encrypted contents (e.g. for a backup/restore application) is to use the: